Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS2-2022-1809

Related Vulnerabilities: CVE-2021-46143   CVE-2022-22822   CVE-2022-22823   CVE-2022-22824   CVE-2022-22825   CVE-2022-22826   CVE-2022-22827  

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143) addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822) build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823) defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22824) lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825) nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22826) storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)

Source

ALAS2-2022-1809

Amazon Linux 2 Security Advisory: ALAS-2022-1809
Advisory Release Date: 2022-07-06 03:09 Pacific
Advisory Updated Date: 2022-07-14 21:51 Pacific
Severity: Medium
Issue Overview:

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143)

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22824)

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22826)

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)


Affected Packages:

expat


Issue Correction:
Run yum update expat to update your system.

New Packages:
aarch64:
    expat-2.1.0-14.amzn2.0.1.aarch64
    expat-devel-2.1.0-14.amzn2.0.1.aarch64
    expat-static-2.1.0-14.amzn2.0.1.aarch64
    expat-debuginfo-2.1.0-14.amzn2.0.1.aarch64

i686:
    expat-2.1.0-14.amzn2.0.1.i686
    expat-devel-2.1.0-14.amzn2.0.1.i686
    expat-static-2.1.0-14.amzn2.0.1.i686
    expat-debuginfo-2.1.0-14.amzn2.0.1.i686

src:
    expat-2.1.0-14.amzn2.0.1.src

x86_64:
    expat-2.1.0-14.amzn2.0.1.x86_64
    expat-devel-2.1.0-14.amzn2.0.1.x86_64
    expat-static-2.1.0-14.amzn2.0.1.x86_64
    expat-debuginfo-2.1.0-14.amzn2.0.1.x86_64

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started