Bug 2048356 (CVE-2022-23990) - CVE-2022-23990 expat: integer overflow in the doProlog function
Summary: CVE-2022-23990 expat: integer overflow in the doProlog function
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-23990
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2050214 2050215 2050503 2050504 2138776 2138777 2138778 2138779 2138780 2138781 2138782 2138783 2138784 2138785
Blocks: 2048357
Reported: 2022-01-31 04:24 UTC by Avinash Hanwate
Modified: 2023-05-16 16:16 UTC (History)

Fixed In Version: expat 2.4.4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in expat. The vulnerability is triggered by large content in element type declarations when an element declaration handler is present, which leads to an integer overflow. This flaw allows an attacker to cause an unsigned integer overflow, leading to a crash or a denial of service.
Clone Of:
Environment:
Last Closed: 2022-12-03 21:03:47 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:7143 0 None None None 2022-10-26 20:21:38 UTC
Red Hat Product Errata RHSA-2022:7144 0 None None None 2022-10-26 20:08:07 UTC
Red Hat Product Errata RHSA-2022:7811 0 None None None 2022-11-08 10:34:02 UTC

Description Avinash Hanwate 2022-01-31 04:24:16 UTC
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

https://github.com/libexpat/libexpat/pull/551

Comment 2 Avinash Hanwate 2022-02-03 13:09:32 UTC
Created expat tracking bugs for this issue:

Affects: fedora-all [bug 2050215]


Created mingw-expat tracking bugs for this issue:

Affects: fedora-all [bug 2050214]

Comment 5 Kiran Darbha 2022-09-23 06:15:07 UTC
I have this vulnerability shown by Twistlock scans - but it's on ubi-minimal 8.6.x. When I check the Red Hat Advisory here - https://access.redhat.com/security/cve/CVE-2022-23990 - it doesn't mention RHEL v8.x; does that mean that RHEL v8.x is NOT AFFECTED by this vulnerability (CVE-2022-23990)?

Comment 6 errata-xmlrpc 2022-10-26 20:08:04 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144

Comment 7 errata-xmlrpc 2022-10-26 20:21:34 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143

Comment 11 errata-xmlrpc 2022-11-08 10:33:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7811 https://access.redhat.com/errata/RHSA-2022:7811

Comment 12 Product Security DevOps Team 2022-12-03 21:03:44 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-23990

