Bug 2044613 (CVE-2022-23852)

Summary: CVE-2022-23852 expat: Integer overflow in function XML_GetBuffer
Product: [Other] Security Response Reporter: Todd Cullum <tcullum>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: anwa, bdettelb, caswilli, cschalle, csutherl, erack, fhrdina, fjansen, fkrska, gzaronik, jburrell, jclere, jhorak, jorton, jwong, jwon, kaycoth, krathod, micjohns, mturk, nmadhesh, nobody, pjindal, psegedy, security-response-team, sthirugn, stransky, szappis, tcarlin, tkasparek, tkorbar, tpopela, tsasak, vkrizan, vkumar, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: expat 2.4.4 Doc Type: If docs needed, set a value
Doc Text:
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-05 03:15:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2050873, 2050874, 2052313, 2052314, 2052315, 2052316, 2052317, 2052318, 2052319, 2052320, 2077350    
Bug Blocks: 2044595    

Description Todd Cullum 2022-01-24 20:06:27 UTC 
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

PR: https://github.com/libexpat/libexpat/pull/550
Reference: https://bugzilla.suse.com/1195054
Comment 7 devthomp 2022-02-09 00:44:15 UTC 
Created expat tracking bugs for this issue:

Affects: fedora-all [bug 2052320]
Comment 10 errata-xmlrpc 2022-03-16 16:17:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951
Comment 12 errata-xmlrpc 2022-03-28 11:49:33 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069
Comment 16 Product Security DevOps Team 2022-05-05 03:15:16 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-23852
Comment 17 errata-xmlrpc 2022-05-31 12:24:00 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:4834 https://access.redhat.com/errata/RHSA-2022:4834
Comment 18 errata-xmlrpc 2022-10-26 20:08:01 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
Comment 19 errata-xmlrpc 2022-10-26 20:21:32 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143