Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
CVE-2022-22827
See a problem?
Please try reporting it
to the source
first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-22827
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-22827.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-22827
Downstream
ALPINE-CVE-2022-22827
DEBIAN-CVE-2022-22827
DLA-2904-1
DSA-5073-1
OESA-2022-1490
OESA-2023-1464
OESA-2023-1465
RHBA-2022:4046
RHSA-2022:0951
RHSA-2022:1069
RHSA-2022:7692
SUSE-SU-2022:0178-1
SUSE-SU-2022:0179-1
SUSE-SU-2022:14878-1
UBUNTU-CVE-2022-22827
USN-5288-1
USN-5455-1
USN-7199-1
openSUSE-SU-2022:0178-1
openSUSE-SU-2024:11762-1
Related
ALSA-2022:0951
ALSA-2022:7692
MGASA-2022-0031
RLSA-2022:0951
RLSA-2022:7692
SUSE-SU-2022:0178-1
SUSE-SU-2022:0179-1
SUSE-SU-2022:14878-1
openSUSE-SU-2022:0178-1
openSUSE-SU-2024:11762-1
Published
2022-01-10T14:12:57Z
Modified
2025-09-30T04:23:44.423620Z
Severity
8.8 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Calculator
Summary
[none]
Details
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
http://www.openwall.com/lists/oss-security/2022/01/17/3
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://github.com/libexpat/libexpat/pull/539
https://security.gentoo.org/glsa/202209-24
https://www.debian.org/security/2022/dsa-5073
https://www.tenable.com/security/tns-2022-05
Affected packages
Git
/
github.com/libexpat/libexpat
Affected ranges
Type
GIT
Repo
https://github.com/libexpat/libexpat
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Fixed
57c7da69b78e3698e112a6b5da19d5109b8232d1
Affected versions
Other
REC1_0
R_1_95_0
R_1_95_2
R_1_95_3
R_1_95_4
R_1_95_5
R_1_95_6
R_1_95_7
R_1_95_8
R_2_0_0
R_2_0_1
R_2_1_0
R_2_1_1
R_2_2_0
R_2_2_1
R_2_2_10
R_2_2_2
R_2_2_3
R_2_2_4
R_2_2_5
R_2_2_6
R_2_2_7
R_2_2_8
R_2_2_9
R_2_3_0
R_2_4_0
R_2_4_1
R_2_4_2
V1990307
V19981122
V19981231
V19990109
V19990425
V19990626
V19990709
V19990728
V19991013
V1_0
V1_1
V20000512
beta2
beta3
beta4
jclark-orig
libexpat-alpha-1
sourceforge_init
start
CVE-2022-22827 - OSV