CNVD-2022-18354 — Vulnetix

CNVD-2022-18354 PUBLISHED

Expat是一款使用C语言编写的快速流式XML解析器。 Expat 2.4.5之前存在安全漏洞，攻击者可利用该漏洞通过DTD元素中的较大嵌套深度触发build_model中的堆栈耗尽。

Affected Products

Vendor	Product	Versions
	Expat Expat <2.4.5

Exploit Intelligence

Trinadh465/external_expat-2.1.0_CVE-2022-25313 (github-poc)
ShaikUsaf/external_expact_AOSP10_r33_CVE-2022-25313 (github-poc)

Timeline

Feb 22, 2022 CVE ID Reserved
Mar 11, 2022 CVE Published

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›