Bug 2056366 (CVE-2022-25235) - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution
Status: CLOSED ERRATA
Alias: CVE-2022-25235
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 2056367 2056368 2057031 2057032 2057033 2057034 2057035 2057036 2057037 2057090 2057323 2057324 2057430 2058088 2058089 2058090 2058091 2058092 2058093 2058094 2058095 2058096 2058097 2058098 2058099 2058100 2058101 2058102 2058103 2058104 2058105 2058106 2058107 2058108 2058109 2058110 2058111 2058112 2058113 2058114 2058115 2058116 2058117 2058349 2058352 2065579 2065582 2070469 2070481 2072092 2072228
Blocks: 2056373
Reported: 2022-02-21 05:24 UTC by Avinash Hanwate
Modified: 2023-05-16 16:16 UTC

Fixed In Version: expat 2.4.5
Doc Text:
A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.
Last Closed: 2022-12-04 00:17:41 UTC


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0953 0 None None None 2022-03-16 21:53:35 UTC
Red Hat Product Errata RHBA-2022:0957 0 None None None 2022-03-17 15:58:22 UTC
Red Hat Product Errata RHBA-2022:0959 0 None None None 2022-03-17 17:17:50 UTC
Red Hat Product Errata RHBA-2022:0960 0 None None None 2022-03-17 17:34:11 UTC
Red Hat Product Errata RHBA-2022:0964 0 None None None 2022-03-17 21:26:56 UTC
Red Hat Product Errata RHBA-2022:0965 0 None None None 2022-03-17 21:56:43 UTC
Red Hat Product Errata RHBA-2022:0976 0 None None None 2022-03-21 11:35:15 UTC
Red Hat Product Errata RHBA-2022:0977 0 None None None 2022-03-21 11:36:22 UTC
Red Hat Product Errata RHBA-2022:0978 0 None None None 2022-03-21 11:36:49 UTC
Red Hat Product Errata RHBA-2022:0979 0 None None None 2022-03-21 14:37:13 UTC
Red Hat Product Errata RHBA-2022:0980 0 None None None 2022-03-21 14:44:44 UTC
Red Hat Product Errata RHBA-2022:0981 0 None None None 2022-03-21 14:42:16 UTC
Red Hat Product Errata RHBA-2022:1005 0 None None None 2022-03-22 08:41:46 UTC
Red Hat Product Errata RHBA-2022:1014 0 None Closed rng-tools-6.8-4.el8_4.x86_64.rpm introduces issue with build in container 2022-06-13 09:12:51 UTC
Red Hat Product Errata RHBA-2022:1016 0 None None None 2022-03-22 20:25:15 UTC
Red Hat Product Errata RHBA-2022:1031 0 None None None 2022-03-23 11:13:02 UTC
Red Hat Product Errata RHBA-2022:1046 0 None None None 2022-03-24 09:35:51 UTC
Red Hat Product Errata RHBA-2022:1048 0 None None None 2022-03-24 10:43:28 UTC
Red Hat Product Errata RHBA-2022:1057 0 None None None 2022-03-24 16:13:24 UTC
Red Hat Product Errata RHBA-2022:1058 0 None None None 2022-03-24 15:32:38 UTC
Red Hat Product Errata RHBA-2022:1079 0 None None None 2022-03-28 11:32:22 UTC
Red Hat Product Errata RHBA-2022:1085 0 None None None 2022-03-28 18:10:49 UTC
Red Hat Product Errata RHBA-2022:1089 0 None None None 2022-03-29 01:11:47 UTC
Red Hat Product Errata RHBA-2022:1099 0 None None None 2022-03-29 07:42:27 UTC
Red Hat Product Errata RHBA-2022:1100 0 None None None 2022-03-29 07:40:12 UTC
Red Hat Product Errata RHBA-2022:1101 0 None None None 2022-03-29 08:13:42 UTC
Red Hat Product Errata RHBA-2022:1117 0 None None None 2022-03-29 15:05:29 UTC
Red Hat Product Errata RHBA-2022:1118 0 None None None 2022-03-29 15:07:30 UTC
Red Hat Product Errata RHBA-2022:1119 0 None None None 2022-03-29 15:08:35 UTC
Red Hat Product Errata RHBA-2022:1120 0 None None None 2022-03-29 15:11:57 UTC
Red Hat Product Errata RHBA-2022:1121 0 None None None 2022-03-29 15:10:24 UTC
Red Hat Product Errata RHBA-2022:1122 0 None None None 2022-03-29 15:18:02 UTC
Red Hat Product Errata RHBA-2022:1125 0 None None None 2022-03-29 15:36:50 UTC
Red Hat Product Errata RHBA-2022:1126 0 None None None 2022-03-29 19:10:56 UTC
Red Hat Product Errata RHBA-2022:1127 0 None None None 2022-03-29 19:11:50 UTC
Red Hat Product Errata RHBA-2022:1130 0 None None None 2022-03-29 17:45:32 UTC
Red Hat Product Errata RHBA-2022:1131 0 None None None 2022-03-29 18:13:35 UTC
Red Hat Product Errata RHBA-2022:1140 0 None None None 2022-03-30 13:35:51 UTC
Red Hat Product Errata RHBA-2022:1150 0 None None None 2022-03-31 18:41:30 UTC
Red Hat Product Errata RHBA-2022:1172 0 None None None 2022-04-04 08:24:25 UTC
Red Hat Product Errata RHBA-2022:1176 0 None None None 2022-04-04 10:45:33 UTC
Red Hat Product Errata RHBA-2022:1191 0 None Waiting on Red Hat After provisioning of server and relocating to final IP address Satellite DHCP does not release the installed ip address... 2022-06-13 03:00:32 UTC
Red Hat Product Errata RHBA-2022:1258 0 None None None 2022-04-06 17:10:23 UTC
Red Hat Product Errata RHBA-2022:1289 0 None None None 2022-04-11 05:59:57 UTC
Red Hat Product Errata RHBA-2022:1308 0 None None None 2022-04-11 14:51:17 UTC
Red Hat Product Errata RHBA-2022:1319 0 None None None 2022-04-12 11:31:18 UTC
Red Hat Product Errata RHBA-2022:1380 0 None None None 2022-04-18 10:57:40 UTC
Red Hat Product Errata RHBA-2022:1385 0 None None None 2022-04-18 13:53:44 UTC
Red Hat Product Errata RHBA-2022:1392 0 None None None 2022-04-19 08:56:42 UTC
Red Hat Product Errata RHBA-2022:1434 0 None None None 2022-04-20 06:53:18 UTC
Red Hat Product Errata RHBA-2022:1495 0 None None None 2022-04-21 14:02:56 UTC
Red Hat Product Errata RHBA-2022:1507 0 None None None 2022-04-21 16:15:00 UTC
Red Hat Product Errata RHBA-2022:1608 0 None None None 2022-04-27 07:56:57 UTC
Red Hat Product Errata RHBA-2022:1609 0 None None None 2022-04-27 07:16:21 UTC
Red Hat Product Errata RHBA-2022:1610 0 None None None 2022-04-27 07:17:57 UTC
Red Hat Product Errata RHBA-2022:1611 0 None None None 2022-04-27 07:19:08 UTC
Red Hat Product Errata RHBA-2022:1612 0 None None None 2022-04-27 07:20:49 UTC
Red Hat Product Errata RHBA-2022:1613 0 None None None 2022-04-27 07:21:36 UTC
Red Hat Product Errata RHBA-2022:1614 0 None None None 2022-04-27 07:23:21 UTC
Red Hat Product Errata RHBA-2022:1615 0 None None None 2022-04-27 07:23:59 UTC
Red Hat Product Errata RHBA-2022:1616 0 None None None 2022-04-27 07:27:26 UTC
Red Hat Product Errata RHBA-2022:1639 0 None None None 2022-04-28 06:36:13 UTC
Red Hat Product Errata RHBA-2022:1672 0 None None None 2022-05-02 15:32:16 UTC
Red Hat Product Errata RHBA-2022:1673 0 None None None 2022-05-02 15:59:06 UTC
Red Hat Product Errata RHSA-2022:0815 0 None None None 2022-03-10 15:06:40 UTC
Red Hat Product Errata RHSA-2022:0816 0 None None None 2022-03-10 15:14:33 UTC
Red Hat Product Errata RHSA-2022:0817 0 None None None 2022-03-10 15:24:43 UTC
Red Hat Product Errata RHSA-2022:0818 0 None None None 2022-03-10 15:18:45 UTC
Red Hat Product Errata RHSA-2022:0824 0 None None None 2022-03-10 16:28:06 UTC
Red Hat Product Errata RHSA-2022:0843 0 None None None 2022-03-14 10:04:45 UTC
Red Hat Product Errata RHSA-2022:0845 0 None None None 2022-03-14 10:13:23 UTC
Red Hat Product Errata RHSA-2022:0847 0 None None None 2022-03-14 10:07:54 UTC
Red Hat Product Errata RHSA-2022:0850 0 None None None 2022-03-14 10:44:42 UTC
Red Hat Product Errata RHSA-2022:0853 0 None None None 2022-03-14 10:26:23 UTC
Red Hat Product Errata RHSA-2022:0951 0 None None None 2022-03-16 16:17:31 UTC
Red Hat Product Errata RHSA-2022:1012 0 None None None 2022-03-22 16:20:12 UTC
Red Hat Product Errata RHSA-2022:1053 0 None None None 2022-03-24 13:30:52 UTC
Red Hat Product Errata RHSA-2022:1068 0 None None None 2022-03-28 08:56:38 UTC
Red Hat Product Errata RHSA-2022:1069 0 None None None 2022-03-28 11:49:46 UTC
Red Hat Product Errata RHSA-2022:1070 0 None None None 2022-03-28 09:43:10 UTC
Red Hat Product Errata RHSA-2022:1263 0 None None None 2022-04-07 09:03:41 UTC
Red Hat Product Errata RHSA-2022:1309 0 None None None 2022-04-12 15:45:33 UTC
Red Hat Product Errata RHSA-2022:1539 0 None None None 2022-04-26 10:19:02 UTC
Red Hat Product Errata RHSA-2022:1540 0 None None None 2022-04-26 11:11:15 UTC
Red Hat Product Errata RHSA-2022:1643 0 None None None 2022-04-28 16:37:36 UTC
Red Hat Product Errata RHSA-2022:1644 0 None None None 2022-04-28 16:16:03 UTC
Red Hat Product Errata RHSA-2022:7143 0 None None None 2022-10-26 20:22:01 UTC
Red Hat Product Errata RHSA-2022:7144 0 None None None 2022-10-26 20:08:30 UTC
Red Hat Product Errata RHSA-2022:7811 0 None None None 2022-11-08 10:34:38 UTC

Description Avinash Hanwate 2022-02-21 05:24:36 UTC
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
http://www.openwall.com/lists/oss-security/2022/02/19/1
https://github.com/libexpat/libexpat/pull/562
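
What a strict check of 2- and 3-byte UTF-8 sequences involves, as an added example that is not part of this bug report and is not expat's code. It follows the Unicode well-formed byte sequence rules (and also covers 4-byte forms); the function name and the sample byte strings are constructed for illustration, and the input is assumed to be declared as UTF-8.

```c
#include <stddef.h>
#include <stdio.h>

/* Return the offset of the first malformed UTF-8 sequence in buf,
 * or -1 if the whole buffer is well-formed. Hypothetical helper. */
long first_malformed_utf8(const unsigned char *buf, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char b = buf[i];
        size_t need;                 /* continuation bytes expected */
        unsigned char lo = 0x80;     /* allowed range of the first continuation */
        unsigned char hi = 0xBF;

        if (b < 0x80) { i++; continue; }             /* ASCII */
        else if (b >= 0xC2 && b <= 0xDF) need = 1;   /* 2-byte; C0/C1 are overlong */
        else if (b >= 0xE0 && b <= 0xEF) {           /* 3-byte */
            need = 2;
            if (b == 0xE0) lo = 0xA0;                /* reject overlong forms */
            if (b == 0xED) hi = 0x9F;                /* reject UTF-16 surrogates */
        } else if (b >= 0xF0 && b <= 0xF4) {         /* 4-byte */
            need = 3;
            if (b == 0xF0) lo = 0x90;                /* reject overlong forms */
            if (b == 0xF4) hi = 0x8F;                /* reject values above U+10FFFF */
        } else return (long)i;       /* stray continuation or invalid lead byte */

        if (len - i <= need) return (long)i;         /* sequence cut off by end of input */
        if (buf[i + 1] < lo || buf[i + 1] > hi) return (long)i;
        for (size_t k = 2; k <= need; k++)
            if ((buf[i + k] & 0xC0) != 0x80) return (long)i;
        i += need + 1;
    }
    return -1;
}

/* Constructed sample inputs (not taken from the bug report). */
static const unsigned char ok_tag[] = {'<', 'a', 0xC3, 0xA9, '/', '>'}; /* valid 2-byte char in a tag name */
static const unsigned char bad_2[]  = {'<', 'a', 0xC3, '(', '/', '>'};  /* 2-byte lead, no continuation */
static const unsigned char bad_3[]  = {'<', 0xE2, 0x82, '/', '>'};      /* 3-byte sequence cut short */

int main(void)
{
    printf("ok_tag: %ld\n", first_malformed_utf8(ok_tag, sizeof ok_tag));
    printf("bad_2:  %ld\n", first_malformed_utf8(bad_2, sizeof bad_2));
    printf("bad_3:  %ld\n", first_malformed_utf8(bad_3, sizeof bad_3));
    return 0;
}
```

A non-negative return value is the byte offset at which the input stops being well-formed UTF-8, so a caller can reject the document before it reaches the XML parser.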

Comment 1 Avinash Hanwate 2022-02-21 05:25:07 UTC
Created expat tracking bugs for this issue:

Affects: fedora-all [bug 2056367]


Created mingw-expat tracking bugs for this issue:

Affects: fedora-all [bug 2056368]

Comment 2 Mauro Matteo Cascella 2022-02-22 15:25:08 UTC
Upstream commit:
https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6

Comment 7 Mauro Matteo Cascella 2022-02-23 11:51:59 UTC
Created xmlrpc-c tracking bugs for this issue:

Affects: fedora-all [bug 2057430]

Comment 12 errata-xmlrpc 2022-03-10 15:06:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0815 https://access.redhat.com/errata/RHSA-2022:0815

Comment 13 errata-xmlrpc 2022-03-10 15:14:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0816 https://access.redhat.com/errata/RHSA-2022:0816

Comment 14 errata-xmlrpc 2022-03-10 15:18:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0818 https://access.redhat.com/errata/RHSA-2022:0818

Comment 15 errata-xmlrpc 2022-03-10 15:24:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0817 https://access.redhat.com/errata/RHSA-2022:0817

Comment 16 errata-xmlrpc 2022-03-10 16:28:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0824 https://access.redhat.com/errata/RHSA-2022:0824

Comment 17 errata-xmlrpc 2022-03-14 10:04:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0843 https://access.redhat.com/errata/RHSA-2022:0843

Comment 18 errata-xmlrpc 2022-03-14 10:07:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:0847 https://access.redhat.com/errata/RHSA-2022:0847

Comment 19 errata-xmlrpc 2022-03-14 10:13:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0845 https://access.redhat.com/errata/RHSA-2022:0845

Comment 20 errata-xmlrpc 2022-03-14 10:26:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:0853 https://access.redhat.com/errata/RHSA-2022:0853

Comment 21 errata-xmlrpc 2022-03-14 10:44:38 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0850 https://access.redhat.com/errata/RHSA-2022:0850

Comment 22 errata-xmlrpc 2022-03-16 16:17:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:0951 https://access.redhat.com/errata/RHSA-2022:0951

Comment 23 Sandro Bonazzola 2022-03-18 09:18:39 UTC
Created expat tracking bugs for this issue:

Affects: oVirt 4.4 [ bug 2065579 ]

Affects: CentOS Stream 8 [ bug 2065582 ]

Comment 24 errata-xmlrpc 2022-03-22 16:20:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1012 https://access.redhat.com/errata/RHSA-2022:1012

Comment 25 errata-xmlrpc 2022-03-24 13:30:48 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 8

Via RHSA-2022:1053 https://access.redhat.com/errata/RHSA-2022:1053

Comment 28 errata-xmlrpc 2022-03-28 08:56:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1068 https://access.redhat.com/errata/RHSA-2022:1068

Comment 30 errata-xmlrpc 2022-03-28 09:43:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1070 https://access.redhat.com/errata/RHSA-2022:1070

Comment 31 errata-xmlrpc 2022-03-28 11:49:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:1069 https://access.redhat.com/errata/RHSA-2022:1069

Comment 33 errata-xmlrpc 2022-04-07 09:03:36 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2022:1263 https://access.redhat.com/errata/RHSA-2022:1263

Comment 34 errata-xmlrpc 2022-04-12 15:45:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:1309 https://access.redhat.com/errata/RHSA-2022:1309

Comment 35 errata-xmlrpc 2022-04-26 10:18:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2022:1539 https://access.redhat.com/errata/RHSA-2022:1539

Comment 36 errata-xmlrpc 2022-04-26 11:11:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:1540 https://access.redhat.com/errata/RHSA-2022:1540

Comment 37 errata-xmlrpc 2022-04-28 16:15:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:1644 https://access.redhat.com/errata/RHSA-2022:1644

Comment 38 errata-xmlrpc 2022-04-28 16:37:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1643 https://access.redhat.com/errata/RHSA-2022:1643

Comment 39 errata-xmlrpc 2022-10-26 20:08:26 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:7144 https://access.redhat.com/errata/RHSA-2022:7144

Comment 40 errata-xmlrpc 2022-10-26 20:21:57 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:7143 https://access.redhat.com/errata/RHSA-2022:7143

Comment 42 errata-xmlrpc 2022-11-08 10:34:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:7811 https://access.redhat.com/errata/RHSA-2022:7811

Comment 43 Product Security DevOps Team 2022-12-04 00:17:35 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-25235

