Bug 2130769 (CVE-2022-40674)
| Summary: | CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sandipan Roy <saroy> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | adudiak, arachman, bdettelb, caswilli, csutherl, dffrench, dkuc, erack, erik-fedora, fhrdina, fjansen, gzaronik, igor.raits, jburrell, jclere, jhorak, jkoehler, jonathan, jorton, jwong, jwon, kaycoth, kshier, lveyde, manisandro, michal.skrivanek, micjohns, mperina, mturk, ngough, peholase, pjindal, plodge, psegedy, rcritten, rgodfrey, rh-bugzilla, rh-spice-bugs, rjones, stcannon, sthirugn, stransky, szappis, tcarlin, tfister, tkorbar, tpopela, tsasak, vkrizan, vmugicag |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | expat 2.4.9 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags, this will return without calling storeRawNames to ensure that the raw versions of the tag names are stored in memory other than the parse buffer itself. Issues occur if the parse buffer is changed or reallocated (for example, if processing a file line by line), problems occur. Using this vulnerability in the doContent function allows an attacker to triage a denial of service or potentially arbitrary code execution.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-12-17 07:18:21 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2130771, 2130772, 2130773, 2130774, 2130775, 2130776, 2130777, 2130778, 2130779, 2130780, 2130781, 2130782, 2130783, 2130784, 2130785, 2130786, 2130787, 2130788, 2130789, 2130790, 2130791, 2130792, 2130793, 2130794, 2130795, 2130796, 2130797, 2130798, 2130799, 2130800, 2130801, 2130802, 2130803, 2130804, 2130805, 2130806, 2130807, 2130808, 2130809, 2130810, 2130811, 2130812, 2130813, 2130814, 2130815, 2130816, 2130817, 2130818, 2130819, 2130820, 2130821, 2130822, 2130823, 2130824, 2130825, 2130826, 2130827, 2130828, 2130829, 2130830, 2130831, 2130832, 2130833, 2132277 | ||
| Bug Blocks: | 2126822 | ||
|
Description
Sandipan Roy
2022-09-29 05:02:33 UTC
Created expat tracking bugs for this issue: Affects: fedora-35 [bug 2130777] Affects: fedora-36 [bug 2130780] Created mingw-expat tracking bugs for this issue: Affects: fedora-35 [bug 2130778] Affects: fedora-36 [bug 2130781] Created xmlrpc-c tracking bugs for this issue: Affects: fedora-35 [bug 2130779] Affects: fedora-36 [bug 2130782] This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6831 https://access.redhat.com/errata/RHSA-2022:6831 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:6833 https://access.redhat.com/errata/RHSA-2022:6833 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:6832 https://access.redhat.com/errata/RHSA-2022:6832 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6834 https://access.redhat.com/errata/RHSA-2022:6834 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:6838 https://access.redhat.com/errata/RHSA-2022:6838 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:6878 https://access.redhat.com/errata/RHSA-2022:6878 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:6921 https://access.redhat.com/errata/RHSA-2022:6921 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:6967 https://access.redhat.com/errata/RHSA-2022:6967 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:6995 https://access.redhat.com/errata/RHSA-2022:6995 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:6996 https://access.redhat.com/errata/RHSA-2022:6996 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6997 https://access.redhat.com/errata/RHSA-2022:6997 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:6998 https://access.redhat.com/errata/RHSA-2022:6998 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:7019 https://access.redhat.com/errata/RHSA-2022:7019 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:7021 https://access.redhat.com/errata/RHSA-2022:7021 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:7022 https://access.redhat.com/errata/RHSA-2022:7022 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7020 https://access.redhat.com/errata/RHSA-2022:7020 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7026 https://access.redhat.com/errata/RHSA-2022:7026 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7023 https://access.redhat.com/errata/RHSA-2022:7023 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7024 https://access.redhat.com/errata/RHSA-2022:7024 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:7025 https://access.redhat.com/errata/RHSA-2022:7025 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:8598 https://access.redhat.com/errata/RHSA-2022:8598 This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-40674 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:3068 https://access.redhat.com/errata/RHSA-2023:3068 |