CLSA-2022-1660757175
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1660757175.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2022-1660757175
- Upstream
- Published
- 2022-08-17T17:26:15Z
- Modified
- 2026-05-27T11:35:25.564134067Z
- Summary
- Fixed 15 CVEs in expat
- Details
-
- CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs
- CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution
- CVE-2022-25315: Fix integer overflow in storeRawNames()
- CVE-2022-22822: Fix integer overflow in addBinding()
- CVE-2022-22823: Fix integer overflow in build_model()
- CVE-2022-22824: Fix integer overflow in defineAttribute()
- CVE-2022-22825: Fix integer overflow in lookup()
- CVE-2022-22826: Fix integer overflow in nextScaffoldPart()
- CVE-2022-22827: Fix integer overflow in storeAtts()
- CVE-2022-23852: Fix integer overflow in XML_GetBuffer()
- CVE-2021-46143: Fix integer overflow on m_groupSize in doProlog()
- CVE-2021-45960: Fix troublesome left shifts in storeAtts()
- CVE-2022-23990: Fix integer overflow in doProlog()
- CVE-2022-25313: Fix stack exhaustion in build_model()
- CVE-2022-25314: Fix integer overflow in copyString()
- References
Affected packages
TuxCare:CentOS:8.4 / expat
Package
- Name
- expat
- Purl
- pkg:rpm/tuxcare/expat?distro=centos-8.4
TuxCare:CentOS:8.4 / expat-devel
Package
- Name
- expat-devel
- Purl
- pkg:rpm/tuxcare/expat-devel?distro=centos-8.4