Bug 2056363 (CVE-2022-25315) - CVE-2022-25315 expat: Integer overflow in storeRawNames()
Summary: CVE-2022-25315 expat: Integer overflow in storeRawNames()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-25315
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2056364 2056365 2057121 2057122 2057123 2057124 2057125 2057126 2057127 2057128 2057323 2057324 2057431 2058118 2058119 2058120 2058121 2058122 2058123 2058124 2058125 2058126 2058127 2058128 2058129 2058130 2058131 2058132 2058133 2058134 2058135 2058136 2058137 2058138 2058139 2058140 2058141 2058351 2058354 2065579 2065582 2070471 2072091
Blocks: 2056373
Reported: 2022-02-21 05:10 UTC by Avinash Hanwate
Modified: 2023-05-16 16:16 UTC

Fixed In Version: expat 2.4.5
Doc Type: If docs needed, set a value
Doc Text:
An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.
Clone Of:
Environment:
Last Closed: 2022-12-03 23:33:18 UTC
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0953 0 None None None 2022-03-16 21:53:33 UTC
Red Hat Product Errata RHBA-2022:0957 0 None None None 2022-03-17 15:58:21 UTC
Red Hat Product Errata RHBA-2022:0959 0 None None None 2022-03-17 17:17:49 UTC
Red Hat Product Errata RHBA-2022:0960 0 None None None 2022-03-17 17:34:07 UTC
Red Hat Product Errata RHBA-2022:0964 0 None None None 2022-03-17 21:26:54 UTC
Red Hat Product Errata RHBA-2022:0965 0 None None None 2022-03-17 21:56:42 UTC
Red Hat Product Errata RHBA-2022:0976 0 None None None 2022-03-21 11:35:13 UTC
Red Hat Product Errata RHBA-2022:0977 0 None None None 2022-03-21 11:36:20 UTC
Red Hat Product Errata RHBA-2022:0978 0 None None None 2022-03-21 11:36:47 UTC
Red Hat Product Errata RHBA-2022:0979 0 None None None 2022-03-21 14:37:07 UTC
Red Hat Product Errata RHBA-2022:0980 0 None None None 2022-03-21 14:44:43 UTC
Red Hat Product Errata RHBA-2022:0981 0 None None None 2022-03-21 14:42:14 UTC
Red Hat Product Errata RHBA-2022:1005 0 None None None 2022-03-22 08:41:42 UTC
Red Hat Product Errata RHBA-2022:1014 0 None None None 2022-03-22 17:10:58 UTC
Red Hat Product Errata RHBA-2022:1016 0 None None None 2022-03-22 20:25:13 UTC
Red Hat Product Errata RHBA-2022:1031 0 None Closed Specify ImageContentSourcePolicy source without, adding source to allowedRegistries 2022-04-29 20:39:35 UTC
Red Hat Product Errata RHBA-2022:1046 0 None None None 2022-03-24 09:35:47 UTC
Red Hat Product Errata RHBA-2022:1048 0 None None None 2022-03-24 10:43:23 UTC
Red Hat Product Errata RHBA-2022:1057 0 None None None 2022-03-24 16:13:24 UTC
Red Hat Product Errata RHBA-2022:1058 0 None None None 2022-03-24 15:32:32 UTC
Red Hat Product Errata RHBA-2022:1079 0 None Closed Cluster Version Operator timeout at bypassed proxy. 2022-04-29 14:25:52 UTC
Red Hat Product Errata RHBA-2022:1085 0 None None None 2022-03-28 18:10:48 UTC
Red Hat Product Errata RHBA-2022:1089 0 None None None 2022-03-29 01:11:48 UTC
Red Hat Product Errata RHBA-2022:1099 0 None None None 2022-03-29 07:42:25 UTC
Red Hat Product Errata RHBA-2022:1100 0 None None None 2022-03-29 07:40:07 UTC
Red Hat Product Errata RHBA-2022:1101 0 None None None 2022-03-29 08:13:39 UTC
Red Hat Product Errata RHBA-2022:1117 0 None None None 2022-03-29 15:05:28 UTC
Red Hat Product Errata RHBA-2022:1118 0 None None None 2022-03-29 15:07:28 UTC
Red Hat Product Errata RHBA-2022:1119 0 None None None 2022-03-29 15:08:34 UTC
Red Hat Product Errata RHBA-2022:1120 0 None None None 2022-03-29 15:11:57 UTC
Red Hat Product Errata RHBA-2022:1121 0 None None None 2022-03-29 15:10:22 UTC
Red Hat Product Errata RHBA-2022:1122 0 None None None 2022-03-29 15:17:58 UTC
Red Hat Product Errata RHBA-2022:1125 0 None None None 2022-03-29 15:36:49 UTC
Red Hat Product Errata RHBA-2022:1126 0 None None None 2022-03-29 19:10:54 UTC
Red Hat Product Errata RHBA-2022:1127 0 None None None 2022-03-29 19:11:48 UTC
Red Hat Product Errata RHBA-2022:1130 0 None None None 2022-03-29 17:45:29 UTC
Red Hat Product Errata RHBA-2022:1131 0 None None None 2022-03-29 18:13:34 UTC
Red Hat Product Errata RHBA-2022:1140 0 None None None 2022-03-30 13:35:50 UTC
Red Hat Product Errata RHBA-2022:1150 0 None None None 2022-03-31 18:41:28 UTC
Red Hat Product Errata RHBA-2022:1172 0 None None None 2022-04-04 08:24:23 UTC
Red Hat Product Errata RHBA-2022:1176 0 None None None 2022-04-04 10:45:32 UTC
Red Hat Product Errata RHBA-2022:1191 0 None None None 2022-04-05 13:28:44 UTC
Red Hat Product Errata RHBA-2022:1258 0 None None None 2022-04-06 17:10:19 UTC
Red Hat Product Errata RHBA-2022:1289 0 None None None 2022-04-11 05:59:57 UTC
Red Hat Product Errata RHBA-2022:1308 0 None None None 2022-04-11 14:51:13 UTC
Red Hat Product Errata RHBA-2022:1319 0 None None None 2022-04-12 11:31:17 UTC
Red Hat Product Errata RHBA-2022:1380 0 None None None 2022-04-18 10:57:34 UTC
Red Hat Product Errata RHBA-2022:1385 0 None None None 2022-04-18 13:53:41 UTC
Red Hat Product Errata RHBA-2022:1392 0 None None None 2022-04-19 08:56:40 UTC
Red Hat Product Errata RHBA-2022:1434 0 None None None 2022-04-20 06:53:12 UTC
Red Hat Product Errata RHBA-2022:1495 0 None None None 2022-04-21 14:02:53 UTC
Red Hat Product Errata RHBA-2022:1507 0 None None None 2022-04-21 16:14:56 UTC
Red Hat Product Errata RHBA-2022:1608 0 None None None 2022-04-27 07:56:53 UTC
Red Hat Product Errata RHBA-2022:1609 0 None None None 2022-04-27 07:16:18 UTC
Red Hat Product Errata RHBA-2022:1610 0 None None None 2022-04-27 07:17:58 UTC
Red Hat Product Errata RHBA-2022:1611 0 None None None 2022-04-27 07:19:07 UTC
Red Hat Product Errata RHBA-2022:1612 0 None None None 2022-04-27 07:20:47 UTC
Red Hat Product Errata RHBA-2022:1613 0 None None None 2022-04-27 07:21:35 UTC
Red Hat Product Errata RHBA-2022:1614 0 None None None 2022-04-27 07:23:20 UTC
Red Hat Product Errata RHBA-2022:1615 0 None None None 2022-04-27 07:23:55 UTC
Red Hat Product Errata RHBA-2022:1616 0 None None None 2022-04-27 07:27:25 UTC
Red Hat Product Errata RHBA-2022:1639 0 None None None 2022-04-28 06:36:13 UTC
Red Hat Product Errata RHSA-2022:0815 0 None None None 2022-03-10 15:06:28 UTC
Red Hat Product Errata RHSA-2022:0816 0 None None None 2022-03-10 15:14:23 UTC
Red Hat Product Errata RHSA-2022:0817 0 None None None 2022-03-10 15:24:32 UTC
Red Hat Product Errata RHSA-2022:0818 0 None None None 2022-03-10 15:18:35 UTC
Red Hat Product Errata RHSA-2022:0824 0 None None None 2022-03-10 16:27:54 UTC
Red Hat Product Errata RHSA-2022:0843 0 None None None 2022-03-14 10:04:39 UTC
Red Hat Product Errata RHSA-2022:0845 0 None None None 2022-03-14 10:13:12 UTC
Red Hat Product Errata RHSA-2022:0847 0 None None None 2022-03-14 10:07:45 UTC
Red Hat Product Errata RHSA-2022:0850 0 None None None 2022-03-14 10:44:30 UTC
Red Hat Product Errata RHSA-2022:0853 0 None None None 2022-03-14 10:26:06 UTC
Red Hat Product Errata RHSA-2022:0951 0 None None None 2022-03-16 16:17:21 UTC
Red Hat Product Errata RHSA-2022:1012 0 None None None 2022-03-22 16:20:12 UTC
Red Hat Product Errata RHSA-2022:1053 0 None None None 2022-03-24 13:30:49 UTC
Red Hat Product Errata RHSA-2022:1068 0 None None None 2022-03-28 08:56:27 UTC
Red Hat Product Errata RHSA-2022:1069 0 None None None 2022-03-28 11:49:46 UTC
Red Hat Product Errata RHSA-2022:1070 0 None None None 2022-03-28 09:43:07 UTC
Red Hat Product Errata RHSA-2022:1263 0 None None None 2022-04-07 09:03:38 UTC
Red Hat Product Errata RHSA-2022:1309 0 None None None 2022-04-12 15:45:35 UTC
Red Hat Product Errata RHSA-2022:7143 0 None None None 2022-10-26 20:22:25 UTC
Red Hat Product Errata RHSA-2022:7144 0 None None None 2022-10-26 20:08:23 UTC
Red Hat Product Errata RHSA-2022:7811 0 None None None 2022-11-08 10:34:28 UTC

Description Avinash Hanwate 2022-02-21 05:10:16 UTC
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

https://github.com/libexpat/libexpat/pull/559
http://www.openwall.com/lists/oss-security/2022/02/19/1

Comment 1 Avinash Hanwate 2022-02-21 05:10:46 UTC
Created expat tracking bugs for this issue:

Affects: fedora-all [bug 2056364]


Created mingw-expat tracking bugs for this issue:

Affects: fedora-all [bug 2056365]

Comment 2 Mauro Matteo Cascella 2022-02-22 18:26:23 UTC
Upstream commit:
https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9

Comment 8 Mauro Matteo Cascella 2022-02-23 11:52:00 UTC
Created xmlrpc-c tracking bugs for this issue:

Affects: fedora-all [bug 2057431]

Comment 16 errata-xmlrpc 2022-03-10 15:06:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0815 https://access.redhat.com/errata/RHSA-2022:0815

Comment 17 errata-xmlrpc 2022-03-10 15:14:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0816 https://access.redhat.com/errata/RHSA-2022:0816

Comment 18 errata-xmlrpc 2022-03-10 15:18:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0818 https://access.redhat.com/errata/RHSA-2022:0818

Comment 19 errata-xmlrpc 2022-03-10 15:24:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0817 https://access.redhat.com/errata/RHSA-2022:0817

Comment 20 errata-xmlrpc 2022-03-10 16:27:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0824 https://access.redhat.com/errata/RHSA-2022:0824

Comment 21 errata-xmlrpc 2022-03-14 10:04:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0843 https://access.redhat.com/errata/RHSA-2022:0843

Comment 22 errata-xmlrpc 2022-03-14 10:07:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0847 https://access.redhat.com/errata/RHSA-2022:0847

Comment 23 errata-xmlrpc 2022-03-14 10:13:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0845 https://access.redhat.com/errata/RHSA-2022:0845

Comment 24 errata-xmlrpc 2022-03-14 10:26:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0853 https://access.redhat.com/errata/RHSA-2022:0853

Comment 25 errata-xmlrpc 2022-03-14 10:44:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0850 https://access.redhat.com/errata/RHSA-2022:0850

Comment 26 errata-xmlrpc 2022-03-16 16:17:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951

Comment 27 Sandro Bonazzola 2022-03-18 09:18:44 UTC
Created expat tracking bugs for this issue:

Affects: oVirt 4.4 [ bug 2065579 ]

Affects: CentOS Stream 8 [ bug 2065582 ]

Comment 28 errata-xmlrpc 2022-03-22 16:20:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1012 https://access.redhat.com/errata/RHSA-2022:1012

Comment 29 errata-xmlrpc 2022-03-24 13:30:46 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:1053 https://access.redhat.com/errata/RHSA-2022:1053

Comment 32 errata-xmlrpc 2022-03-28 08:56:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1068 https://access.redhat.com/errata/RHSA-2022:1068

Comment 33 errata-xmlrpc 2022-03-28 09:43:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1070 https://access.redhat.com/errata/RHSA-2022:1070

Comment 34 errata-xmlrpc 2022-03-28 11:49:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069

Comment 36 errata-xmlrpc 2022-04-07 09:03:34 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263

Comment 37 errata-xmlrpc 2022-04-12 15:45:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:1309 https://access.redhat.com/errata/RHSA-2022:1309

Comment 38 errata-xmlrpc 2022-10-26 20:08:18 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144

Comment 39 errata-xmlrpc 2022-10-26 20:22:19 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143

Comment 41 errata-xmlrpc 2022-11-08 10:34:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7811 https://access.redhat.com/errata/RHSA-2022:7811

Comment 42 Product Security DevOps Team 2022-12-03 23:33:12 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-25315

