Bug 2044457 (CVE-2022-22822) - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c
Summary: CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-22822
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2053208 2044458 2052254 2052255 2052256 2052257 2052258 2052259 2052260 2058567 2058568 2058569 2058570 2058571 2058572 2060192 2060197 2060199 2060203 2060208 2060210
Blocks: 2044492
TreeView+ depends on / blocked
 
Reported: 2022-01-24 16:29 UTC by Pedro Sampaio
Modified: 2023-05-16 16:16 UTC (History)
35 users (show)

Fixed In Version: expat 2.4.3
Doc Type: If docs needed, set a value
Doc Text:
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.
Clone Of:
Environment:
Last Closed: 2022-05-05 01:45:29 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0953 0 None None None 2022-03-16 21:53:13 UTC
Red Hat Product Errata RHBA-2022:0957 0 None None None 2022-03-17 15:58:01 UTC
Red Hat Product Errata RHBA-2022:0959 0 None None None 2022-03-17 17:17:37 UTC
Red Hat Product Errata RHBA-2022:0960 0 None None None 2022-03-17 17:33:56 UTC
Red Hat Product Errata RHBA-2022:0964 0 None None None 2022-03-17 21:26:41 UTC
Red Hat Product Errata RHBA-2022:0965 0 None None None 2022-03-17 21:56:29 UTC
Red Hat Product Errata RHBA-2022:0976 0 None None None 2022-03-21 11:34:59 UTC
Red Hat Product Errata RHBA-2022:0977 0 None None None 2022-03-21 11:36:06 UTC
Red Hat Product Errata RHBA-2022:0978 0 None None None 2022-03-21 11:36:33 UTC
Red Hat Product Errata RHBA-2022:0979 0 None None None 2022-03-21 14:36:51 UTC
Red Hat Product Errata RHBA-2022:0980 0 None None None 2022-03-21 14:44:27 UTC
Red Hat Product Errata RHBA-2022:0981 0 None None None 2022-03-21 14:42:03 UTC
Red Hat Product Errata RHBA-2022:1005 0 None None None 2022-03-22 08:41:26 UTC
Red Hat Product Errata RHBA-2022:1014 0 None None None 2022-03-22 17:10:39 UTC
Red Hat Product Errata RHBA-2022:1031 0 None None None 2022-03-23 11:12:47 UTC
Red Hat Product Errata RHBA-2022:1046 0 None None None 2022-03-24 09:35:33 UTC
Red Hat Product Errata RHBA-2022:1048 0 None None None 2022-03-24 10:42:47 UTC
Red Hat Product Errata RHBA-2022:1057 0 None None None 2022-03-24 16:13:11 UTC
Red Hat Product Errata RHBA-2022:1058 0 None None None 2022-03-24 15:32:16 UTC
Red Hat Product Errata RHBA-2022:1079 0 None None None 2022-03-28 11:32:00 UTC
Red Hat Product Errata RHBA-2022:1085 0 None None None 2022-03-28 18:10:33 UTC
Red Hat Product Errata RHBA-2022:1089 0 None None None 2022-03-29 01:11:34 UTC
Red Hat Product Errata RHBA-2022:1099 0 None None None 2022-03-29 07:42:05 UTC
Red Hat Product Errata RHBA-2022:1100 0 None None None 2022-03-29 07:39:50 UTC
Red Hat Product Errata RHBA-2022:1101 0 None None None 2022-03-29 08:13:21 UTC
Red Hat Product Errata RHBA-2022:1117 0 None None None 2022-03-29 15:05:13 UTC
Red Hat Product Errata RHBA-2022:1118 0 None None None 2022-03-29 15:07:14 UTC
Red Hat Product Errata RHBA-2022:1119 0 None None None 2022-03-29 15:08:18 UTC
Red Hat Product Errata RHBA-2022:1120 0 None None None 2022-03-29 15:11:44 UTC
Red Hat Product Errata RHBA-2022:1121 0 None None None 2022-03-29 15:10:07 UTC
Red Hat Product Errata RHBA-2022:1122 0 None None None 2022-03-29 15:17:40 UTC
Red Hat Product Errata RHBA-2022:1125 0 None None None 2022-03-29 15:36:35 UTC
Red Hat Product Errata RHBA-2022:1126 0 None None None 2022-03-29 19:10:40 UTC
Red Hat Product Errata RHBA-2022:1127 0 None None None 2022-03-29 19:11:35 UTC
Red Hat Product Errata RHBA-2022:1130 0 None None None 2022-03-29 17:45:15 UTC
Red Hat Product Errata RHBA-2022:1131 0 None None None 2022-03-29 18:13:20 UTC
Red Hat Product Errata RHBA-2022:1140 0 None None None 2022-03-30 13:35:34 UTC
Red Hat Product Errata RHBA-2022:1150 0 None None None 2022-03-31 18:41:14 UTC
Red Hat Product Errata RHBA-2022:1172 0 None None None 2022-04-04 08:24:09 UTC
Red Hat Product Errata RHBA-2022:1176 0 None None None 2022-04-04 10:45:10 UTC
Red Hat Product Errata RHBA-2022:1191 0 None None None 2022-04-05 13:28:29 UTC
Red Hat Product Errata RHBA-2022:1258 0 None None None 2022-04-06 17:09:59 UTC
Red Hat Product Errata RHBA-2022:1289 0 None None None 2022-04-11 05:59:40 UTC
Red Hat Product Errata RHBA-2022:1308 0 None None None 2022-04-11 14:50:53 UTC
Red Hat Product Errata RHBA-2022:1319 0 None None None 2022-04-12 11:31:02 UTC
Red Hat Product Errata RHBA-2022:1380 0 None None None 2022-04-18 10:56:52 UTC
Red Hat Product Errata RHBA-2022:1385 0 None None None 2022-04-18 13:53:52 UTC
Red Hat Product Errata RHBA-2022:1392 0 None None None 2022-04-19 08:56:26 UTC
Red Hat Product Errata RHBA-2022:1434 0 None None None 2022-04-20 06:53:01 UTC
Red Hat Product Errata RHBA-2022:1495 0 None None None 2022-04-21 14:02:32 UTC
Red Hat Product Errata RHBA-2022:1507 0 None None None 2022-04-21 16:14:36 UTC
Red Hat Product Errata RHBA-2022:1608 0 None None None 2022-04-27 07:56:32 UTC
Red Hat Product Errata RHBA-2022:1609 0 None Waiting on Customer [RFE] Add dash-to-panel gnome-shell extension to rhel8. 2022-05-11 07:04:05 UTC
Red Hat Product Errata RHBA-2022:1610 0 None None None 2022-04-27 07:17:44 UTC
Red Hat Product Errata RHBA-2022:1611 0 None None None 2022-04-27 07:18:53 UTC
Red Hat Product Errata RHBA-2022:1612 0 None None None 2022-04-27 07:20:31 UTC
Red Hat Product Errata RHBA-2022:1613 0 None None None 2022-04-27 07:21:20 UTC
Red Hat Product Errata RHBA-2022:1614 0 None None None 2022-04-27 07:23:07 UTC
Red Hat Product Errata RHBA-2022:1615 0 None None None 2022-04-27 07:23:42 UTC
Red Hat Product Errata RHBA-2022:1616 0 None None None 2022-04-27 07:27:10 UTC
Red Hat Product Errata RHSA-2022:0951 0 None None None 2022-03-16 16:16:41 UTC
Red Hat Product Errata RHSA-2022:1069 0 None None None 2022-03-28 11:49:18 UTC
Red Hat Product Errata RHSA-2022:7143 0 None None None 2022-10-26 20:20:56 UTC
Red Hat Product Errata RHSA-2022:7144 0 None None None 2022-10-26 20:07:33 UTC
Red Hat Product Errata RHSA-2022:7692 0 None None None 2022-11-08 10:11:17 UTC

Description Pedro Sampaio 2022-01-24 16:29:38 UTC 
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 

References:

https://github.com/libexpat/libexpat/pull/539
http://www.openwall.com/lists/oss-security/2022/01/17/3
Comment 1 Pedro Sampaio 2022-01-24 16:29:58 UTC 
Created expat tracking bugs for this issue:

Affects: fedora-all [bug 2044458]
Comment 10 errata-xmlrpc 2022-03-16 16:16:38 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951
Comment 11 errata-xmlrpc 2022-03-28 11:49:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069
Comment 12 Product Security DevOps Team 2022-05-05 01:45:25 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-22822
Comment 14 errata-xmlrpc 2022-10-26 20:07:30 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
Comment 15 errata-xmlrpc 2022-10-26 20:20:53 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143
Comment 16 errata-xmlrpc 2022-11-08 10:11:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7692 https://access.redhat.com/errata/RHSA-2022:7692
Note You need to log in before you can comment on or make changes to this bug.