Bug 2044457 (CVE-2022-22822) - CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c
Summary: CVE-2022-22822 expat: Integer overflow in addBinding in xmlparse.c
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-22822
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2053208 2044458 2052254 2052255 2052256 2052257 2052258 2052259 2052260 2058567 2058568 2058569 2058570 2058571 2058572 2060192 2060197 2060199 2060203 2060208 2060210
Blocks: Embargoed2044492
Reported: 2022-01-24 16:29 UTC by Pedro Sampaio
Modified: 2023-05-16 16:16 UTC

Fixed In Version: expat 2.4.3
Doc Type: If docs needed, set a value
Doc Text:
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality, and integrity.
Clone Of:
Environment:
Last Closed: 2022-05-05 01:45:29 UTC


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0953 0 None None None 2022-03-16 21:53:13 UTC
Red Hat Product Errata RHBA-2022:0957 0 None None None 2022-03-17 15:58:01 UTC
Red Hat Product Errata RHBA-2022:0959 0 None None None 2022-03-17 17:17:37 UTC
Red Hat Product Errata RHBA-2022:0960 0 None None None 2022-03-17 17:33:56 UTC
Red Hat Product Errata RHBA-2022:0964 0 None None None 2022-03-17 21:26:41 UTC
Red Hat Product Errata RHBA-2022:0965 0 None None None 2022-03-17 21:56:29 UTC
Red Hat Product Errata RHBA-2022:0976 0 None None None 2022-03-21 11:34:59 UTC
Red Hat Product Errata RHBA-2022:0977 0 None None None 2022-03-21 11:36:06 UTC
Red Hat Product Errata RHBA-2022:0978 0 None None None 2022-03-21 11:36:33 UTC
Red Hat Product Errata RHBA-2022:0979 0 None None None 2022-03-21 14:36:51 UTC
Red Hat Product Errata RHBA-2022:0980 0 None None None 2022-03-21 14:44:27 UTC
Red Hat Product Errata RHBA-2022:0981 0 None None None 2022-03-21 14:42:03 UTC
Red Hat Product Errata RHBA-2022:1005 0 None None None 2022-03-22 08:41:26 UTC
Red Hat Product Errata RHBA-2022:1014 0 None None None 2022-03-22 17:10:39 UTC
Red Hat Product Errata RHBA-2022:1031 0 None None None 2022-03-23 11:12:47 UTC
Red Hat Product Errata RHBA-2022:1046 0 None None None 2022-03-24 09:35:33 UTC
Red Hat Product Errata RHBA-2022:1048 0 None None None 2022-03-24 10:42:47 UTC
Red Hat Product Errata RHBA-2022:1057 0 None None None 2022-03-24 16:13:11 UTC
Red Hat Product Errata RHBA-2022:1058 0 None None None 2022-03-24 15:32:16 UTC
Red Hat Product Errata RHBA-2022:1079 0 None None None 2022-03-28 11:32:00 UTC
Red Hat Product Errata RHBA-2022:1085 0 None None None 2022-03-28 18:10:33 UTC
Red Hat Product Errata RHBA-2022:1089 0 None None None 2022-03-29 01:11:34 UTC
Red Hat Product Errata RHBA-2022:1099 0 None None None 2022-03-29 07:42:05 UTC
Red Hat Product Errata RHBA-2022:1100 0 None None None 2022-03-29 07:39:50 UTC
Red Hat Product Errata RHBA-2022:1101 0 None None None 2022-03-29 08:13:21 UTC
Red Hat Product Errata RHBA-2022:1117 0 None None None 2022-03-29 15:05:13 UTC
Red Hat Product Errata RHBA-2022:1118 0 None None None 2022-03-29 15:07:14 UTC
Red Hat Product Errata RHBA-2022:1119 0 None None None 2022-03-29 15:08:18 UTC
Red Hat Product Errata RHBA-2022:1120 0 None None None 2022-03-29 15:11:44 UTC
Red Hat Product Errata RHBA-2022:1121 0 None None None 2022-03-29 15:10:07 UTC
Red Hat Product Errata RHBA-2022:1122 0 None None None 2022-03-29 15:17:40 UTC
Red Hat Product Errata RHBA-2022:1125 0 None None None 2022-03-29 15:36:35 UTC
Red Hat Product Errata RHBA-2022:1126 0 None None None 2022-03-29 19:10:40 UTC
Red Hat Product Errata RHBA-2022:1127 0 None None None 2022-03-29 19:11:35 UTC
Red Hat Product Errata RHBA-2022:1130 0 None None None 2022-03-29 17:45:15 UTC
Red Hat Product Errata RHBA-2022:1131 0 None None None 2022-03-29 18:13:20 UTC
Red Hat Product Errata RHBA-2022:1140 0 None None None 2022-03-30 13:35:34 UTC
Red Hat Product Errata RHBA-2022:1150 0 None None None 2022-03-31 18:41:14 UTC
Red Hat Product Errata RHBA-2022:1172 0 None None None 2022-04-04 08:24:09 UTC
Red Hat Product Errata RHBA-2022:1176 0 None None None 2022-04-04 10:45:10 UTC
Red Hat Product Errata RHBA-2022:1191 0 None None None 2022-04-05 13:28:29 UTC
Red Hat Product Errata RHBA-2022:1258 0 None None None 2022-04-06 17:09:59 UTC
Red Hat Product Errata RHBA-2022:1289 0 None None None 2022-04-11 05:59:40 UTC
Red Hat Product Errata RHBA-2022:1308 0 None None None 2022-04-11 14:50:53 UTC
Red Hat Product Errata RHBA-2022:1319 0 None None None 2022-04-12 11:31:02 UTC
Red Hat Product Errata RHBA-2022:1380 0 None None None 2022-04-18 10:56:52 UTC
Red Hat Product Errata RHBA-2022:1385 0 None None None 2022-04-18 13:53:52 UTC
Red Hat Product Errata RHBA-2022:1392 0 None None None 2022-04-19 08:56:26 UTC
Red Hat Product Errata RHBA-2022:1434 0 None None None 2022-04-20 06:53:01 UTC
Red Hat Product Errata RHBA-2022:1495 0 None None None 2022-04-21 14:02:32 UTC
Red Hat Product Errata RHBA-2022:1507 0 None None None 2022-04-21 16:14:36 UTC
Red Hat Product Errata RHBA-2022:1608 0 None None None 2022-04-27 07:56:32 UTC
Red Hat Product Errata RHBA-2022:1609 0 None Waiting on Customer [RFE] Add dash-to-panel gnome-shell extension to rhel8. 2022-05-11 07:04:05 UTC
Red Hat Product Errata RHBA-2022:1610 0 None None None 2022-04-27 07:17:44 UTC
Red Hat Product Errata RHBA-2022:1611 0 None None None 2022-04-27 07:18:53 UTC
Red Hat Product Errata RHBA-2022:1612 0 None None None 2022-04-27 07:20:31 UTC
Red Hat Product Errata RHBA-2022:1613 0 None None None 2022-04-27 07:21:20 UTC
Red Hat Product Errata RHBA-2022:1614 0 None None None 2022-04-27 07:23:07 UTC
Red Hat Product Errata RHBA-2022:1615 0 None None None 2022-04-27 07:23:42 UTC
Red Hat Product Errata RHBA-2022:1616 0 None None None 2022-04-27 07:27:10 UTC
Red Hat Product Errata RHSA-2022:0951 0 None None None 2022-03-16 16:16:41 UTC
Red Hat Product Errata RHSA-2022:1069 0 None None None 2022-03-28 11:49:18 UTC
Red Hat Product Errata RHSA-2022:7143 0 None None None 2022-10-26 20:20:56 UTC
Red Hat Product Errata RHSA-2022:7144 0 None None None 2022-10-26 20:07:33 UTC
Red Hat Product Errata RHSA-2022:7692 0 None None None 2022-11-08 10:11:17 UTC

Description Pedro Sampaio 2022-01-24 16:29:38 UTC
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 

References:

https://github.com/libexpat/libexpat/pull/539
http://www.openwall.com/lists/oss-security/2022/01/17/3

Comment 1 Pedro Sampaio 2022-01-24 16:29:58 UTC
Created expat tracking bugs for this issue:

Affects: fedora-all [bug 2044458]

Comment 10 errata-xmlrpc 2022-03-16 16:16:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951

Comment 11 errata-xmlrpc 2022-03-28 11:49:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069

Comment 12 Product Security DevOps Team 2022-05-05 01:45:25 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-22822

Comment 14 errata-xmlrpc 2022-10-26 20:07:30 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144

Comment 15 errata-xmlrpc 2022-10-26 20:20:53 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143

Comment 16 errata-xmlrpc 2022-11-08 10:11:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7692 https://access.redhat.com/errata/RHSA-2022:7692

