Product:

Libexpat

(Libexpat_project)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 37
Date Id Summary Products Score Patch Annotated
2022-01-10 CVE-2022-22827 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Debian_linux, Libexpat, Sinema_remote_connect_server, Nessus 8.8
2022-01-24 CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Debian_linux, Libexpat, Clustered_data_ontap, Oncommand_workflow_automation, Communications_metasolv_solution, Sinema_remote_connect_server, Nessus 9.8
2022-01-26 CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. Debian_linux, Fedora, Libexpat, Communications_metasolv_solution, Sinema_remote_connect_server, Nessus 7.5
2022-02-16 CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 9.8
2022-02-16 CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Debian_linux, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 9.8
2022-02-18 CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 6.5
2022-02-18 CVE-2022-25314 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 7.5
2022-02-18 CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Debian_linux, Fedora, Libexpat, Http_server, Zfs_storage_appliance_kit, Sinema_remote_connect_server 9.8
2022-09-14 CVE-2022-40674 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Debian_linux, Fedora, Libexpat 8.1
2022-10-24 CVE-2022-43680 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Debian_linux, Fedora, Libexpat, Active_iq_unified_manager, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_compute_node_firmware, Oncommand_workflow_automation, Solidfire_\&_hci_management_node 7.5