In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. https://github.com/libexpat/libexpat/pull/559 http://www.openwall.com/lists/oss-security/2022/02/19/1
Created expat tracking bugs for this issue: Affects: fedora-all [bug 2056364] Created mingw-expat tracking bugs for this issue: Affects: fedora-all [bug 2056365]
Upstream commit: https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9
Created xmlrpc-c tracking bugs for this issue: Affects: fedora-all [bug 2057431]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0815 https://access.redhat.com/errata/RHSA-2022:0815
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0816 https://access.redhat.com/errata/RHSA-2022:0816
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0818 https://access.redhat.com/errata/RHSA-2022:0818
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0817 https://access.redhat.com/errata/RHSA-2022:0817
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0824 https://access.redhat.com/errata/RHSA-2022:0824
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:0843 https://access.redhat.com/errata/RHSA-2022:0843
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:0847 https://access.redhat.com/errata/RHSA-2022:0847
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0845 https://access.redhat.com/errata/RHSA-2022:0845
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:0853 https://access.redhat.com/errata/RHSA-2022:0853
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:0850 https://access.redhat.com/errata/RHSA-2022:0850
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951
Created expat tracking bugs for this issue: Affects: oVirt 4.4 [ bug 2065579 ] Affects: CentOS Stream 8 [ bug 2065582 ]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Extended Update Support Via RHSA-2022:1012 https://access.redhat.com/errata/RHSA-2022:1012
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Via RHSA-2022:1053 https://access.redhat.com/errata/RHSA-2022:1053
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2022:1068 https://access.redhat.com/errata/RHSA-2022:1068
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2022:1070 https://access.redhat.com/errata/RHSA-2022:1070
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Extended Lifecycle Support Via RHSA-2022:1309 https://access.redhat.com/errata/RHSA-2022:1309
This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144
This issue has been addressed in the following products: JBoss Core Services on RHEL 7 JBoss Core Services for RHEL 8 Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7811 https://access.redhat.com/errata/RHSA-2022:7811
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25315