CVE-2022-25315

Name

CVE-2022-25315

Description

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://github.com/libexpat/libexpat/pull/559
Mailing List	http://www.openwall.com/lists/oss-security/2022/02/19/1
Third Party Advisory	https://www.debian.org/security/2022/dsa-5085
Mailing List	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
Third Party Advisory	https://security.netapp.com/advisory/ntap-20220303-0008/
Third Party Advisory	https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
MISC	https://www.oracle.com/security-alerts/cpuapr2022.html
Third Party Advisory	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Third Party Advisory	https://security.gentoo.org/glsa/202209-24
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libexpat_project:libexpat::::::::`	libexpat	>= None	< 2.4.5

Source package	Branch	Version	Maintainer	Status
expat	edge-main	2.4.5-r0	None	fixed
expat	3.22-main	2.4.5-r0	None	fixed
expat	3.21-main	2.4.5-r0	None	fixed
expat	3.20-main	2.4.5-r0	None	fixed
expat	3.19-main	2.4.5-r0	None	fixed
expat	3.18-main	2.4.5-r0	None	fixed
expat	3.17-main	2.4.5-r0	None	fixed
expat	3.12-main	2.2.10-r2	None	fixed