Errata ALT-PU-2022-3808-1: Information
Fixes
Published: Jan. 10, 2022
BDU:2022-00800
Vulnerability in the defineAttribute function of the xmlparse.c file of the Expat library, allowing an attacker to cause a denial of service
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
BDU:2022-00805
Vulnerability in the lookupl function of the xmlparse.c file of the Expat library, related to an integer overflow, allowing an attacker to cause a denial of service
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Dec. 30, 2021
BDU:2022-01003
Vulnerability in the storeAtts() function of the Expat library, allowing an attacker to cause a denial of service
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
BDU:2022-01052
Vulnerability in the doProlog function (xmlparse.c) of the Expat library, allowing an attacker to affect the confidentiality, integrity and availability of protected information
Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
BDU:2022-01058
Vulnerability in the storeAtts function (xmlparse.c) of the Expat library, related to an integer overflow, allowing an attacker to execute arbitrary code
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
BDU:2022-01059
Vulnerability in the nextScaffoldPart function (xmlparse.c) of the Expat library, related to an integer overflow, allowing an attacker to execute arbitrary code
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
BDU:2022-01060
Vulnerability in the build_model function (xmlparse.c) of the Expat library, related to an integer overflow, allowing an attacker to execute arbitrary code
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
BDU:2022-02823
Vulnerability in the addBinding() function of the Expat library, allowing an attacker to execute arbitrary code
Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 21, 2014
Modified: Nov. 7, 2023
CVE-2013-0340
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
Severity: MEDIUM (6.8)
Links:
- [oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion
- [oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments
- 90634
- 1028213
- 58233
- GLSA-201701-21
- https://support.apple.com/kb/HT212814
- https://support.apple.com/kb/HT212815
- https://support.apple.com/kb/HT212819
- https://support.apple.com/kb/HT212807
- https://support.apple.com/kb/HT212804
- https://support.apple.com/kb/HT212805
- 20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
- 20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
- 20210921 APPLE-SA-2021-09-20-3 tvOS 15
- 20210921 APPLE-SA-2021-09-20-2 watchOS 8
- 20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
- 20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
- [oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs
- 20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
- 20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15
- 20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8
- https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
- https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
Published: Jan. 1, 2022
Modified: Oct. 6, 2022
CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/libexpat/libexpat/issues/531
- https://github.com/libexpat/libexpat/pull/534
- https://bugzilla.mozilla.org/show_bug.cgi?id=1217609
- [oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes
- https://security.netapp.com/advisory/ntap-20220121-0004/
- https://www.tenable.com/security/tns-2022-05
- DSA-5073
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- GLSA-202209-24
Published: Jan. 6, 2022
Modified: Oct. 6, 2022
CVE-2021-46143
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Links:
- https://github.com/libexpat/libexpat/issues/532
- https://github.com/libexpat/libexpat/pull/538
- [oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes
- https://security.netapp.com/advisory/ntap-20220121-0006/
- https://www.tenable.com/security/tns-2022-05
- DSA-5073
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- GLSA-202209-24
Published: Jan. 10, 2022
Modified: Oct. 6, 2022
CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
Modified: Oct. 6, 2022
CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
Modified: Oct. 6, 2022
CVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
Modified: Oct. 6, 2022
CVE-2022-22825
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
Modified: Oct. 6, 2022
CVE-2022-22826
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: Jan. 10, 2022
Modified: Oct. 6, 2022
CVE-2022-22827
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H