CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

History

14 Jun 2022, 11:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf -

25 Feb 2022, 18:49

Type Values Removed Values Added
References (DEBIAN) https://www.debian.org/security/2022/dsa-5073 - (DEBIAN) https://www.debian.org/security/2022/dsa-5073 - Third Party Advisory
References (CONFIRM) https://www.tenable.com/security/tns-2022-05 - (CONFIRM) https://www.tenable.com/security/tns-2022-05 - Third Party Advisory
CPE cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

14 Feb 2022, 12:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5073 -

09 Feb 2022, 01:15

Type Values Removed Values Added
References
  • (CONFIRM) https://www.tenable.com/security/tns-2022-05 -

05 Feb 2022, 04:01

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 - (MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 - Mailing List, Release Notes, Third Party Advisory

17 Jan 2022, 22:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 -

13 Jan 2022, 20:11

Type Values Removed Values Added
CWE CWE-190
References (MISC) https://github.com/libexpat/libexpat/pull/539 - (MISC) https://github.com/libexpat/libexpat/pull/539 - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

10 Jan 2022, 14:14

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-10 14:12

Updated : 2024-02-04 22:08


NVD link : CVE-2022-22822

Mitre link : CVE-2022-22822

CVE.ORG link : CVE-2022-22822


JSON object : View

Products Affected

tenable

  • nessus

libexpat_project

  • libexpat

debian

  • debian_linux

siemens

  • sinema_remote_connect_server
CWE
CWE-190

Integer Overflow or Wraparound