VDB
CISA-2022-25315
CISA-2022-25315
PUBLISHED
CVSS 9.8 CRITICAL
Reported by mitre · Published February 18, 2022
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, * |
Timeline
- Feb 18, 2022 CVE Published
- May 5, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- x_refsource_MISC
- [oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes mailing-listx_refsource_MLIST
- DSA-5085 vendor-advisoryx_refsource_DEBIAN
- FEDORA-2022-04f206996b vendor-advisoryx_refsource_FEDORA
- FEDORA-2022-3d9d67f558 vendor-advisoryx_refsource_FEDORA
- [debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update mailing-listx_refsource_MLIST
- x_refsource_MISC
- x_refsource_CONFIRM
- x_refsource_CONFIRM
- GLSA-202209-24 vendor-advisoryx_refsource_GENTOO