CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Configurations

Configuration 1 (hide)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

History

14 Jun 2022, 11:15

Type Values Removed Values Added
References
  • (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf -

25 Feb 2022, 18:50

Type Values Removed Values Added
CPE cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
References (DEBIAN) https://www.debian.org/security/2022/dsa-5073 - (DEBIAN) https://www.debian.org/security/2022/dsa-5073 - Third Party Advisory
References (CONFIRM) https://www.tenable.com/security/tns-2022-05 - (CONFIRM) https://www.tenable.com/security/tns-2022-05 - Third Party Advisory

14 Feb 2022, 12:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5073 -

09 Feb 2022, 01:15

Type Values Removed Values Added
References
  • (CONFIRM) https://www.tenable.com/security/tns-2022-05 -

05 Feb 2022, 04:01

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 - (MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 - Mailing List, Third Party Advisory

17 Jan 2022, 22:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 -

13 Jan 2022, 21:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
CWE CWE-190
CPE cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
References (MISC) https://github.com/libexpat/libexpat/pull/539 - (MISC) https://github.com/libexpat/libexpat/pull/539 - Third Party Advisory

10 Jan 2022, 14:14

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-10 14:12

Updated : 2024-02-04 22:08


NVD link : CVE-2022-22827

Mitre link : CVE-2022-22827

CVE.ORG link : CVE-2022-22827


JSON object : View

Products Affected

tenable

  • nessus

libexpat_project

  • libexpat

debian

  • debian_linux

siemens

  • sinema_remote_connect_server
CWE
CWE-190

Integer Overflow or Wraparound