CVE-2022-22827
Published: 10 January 2022
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Notes
| Author | Note |
|---|---|
| sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
| leosilva | CVE-2022-22822 to CVE-2022-22827 has the same fix/patch. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
expat Launchpad, Ubuntu, Debian |
impish |
Released
(2.4.1-2ubuntu0.1)
|
| trusty |
Released
(2.1.0-4ubuntu1.4+esm4)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| bionic |
Released
(2.2.5-3ubuntu0.4)
|
|
| focal |
Released
(2.2.9-1ubuntu0.2)
|
|
| hirsute |
Ignored
(end of life)
|
|
| jammy |
Released
(2.4.3-1)
|
|
| kinetic |
Released
(2.4.3-1)
|
|
| lunar |
Released
(2.4.3-1)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.1.0-7ubuntu0.16.04.5+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| mantic |
Released
(2.4.3-1)
|
|
|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| hirsute |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
apr-util Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| hirsute |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
ayttm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
cableswig Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
cadaver Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
cmake Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| hirsute |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
coin3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Not vulnerable
(uses system expat)
|
|
| hirsute |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
|
firefox Launchpad, Ubuntu, Debian |
bionic |
Released
(98.0+build3-0ubuntu0.18.04.2)
|
| focal |
Released
(98.0+build3-0ubuntu0.20.04.2)
|
|
| impish |
Released
(98.0+build3-0ubuntu0.21.10.2)
|
|
| jammy |
Released
(1:1snap1-0ubuntu1)
|
|
| kinetic |
Released
(1:1snap1-0ubuntu1)
|
|
| lunar |
Released
(1:1snap1-0ubuntu1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(98)
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
| mantic |
Released
(1:1snap1-0ubuntu1)
|
|
|
Patches: upstream: https://hg.mozilla.org/releases/mozilla-release/rev/1b20c84cd140d14859be41e1715ff886ac301836 |
||
|
gdcm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
| focal |
Not vulnerable
(uses system expat)
|
|
| hirsute |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| trusty |
Not vulnerable
(uses system expat)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system expat)
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| hirsute |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
libxmltok Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needed)
|
| bionic |
Released
(1.2-4ubuntu0.18.04.1~esm1)
Available with Ubuntu Pro |
|
| focal |
Released
(1.2-4ubuntu0.20.04.1~esm1)
Available with Ubuntu Pro |
|
| jammy |
Released
(1.2-4ubuntu0.22.04.1~esm1)
Available with Ubuntu Pro |
|
| hirsute |
Ignored
(end of life)
|
|
| lunar |
Needed
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(1.2-3ubuntu0.16.04.1~esm2)
Available with Ubuntu Pro |
|
| impish |
Ignored
(end of life)
|
|
| mantic |
Needed
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
| focal |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
matanza Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
swish-e Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| bionic |
Needs triage
|
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
smart Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Does not exist
|
|
|
tdom Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| focal |
Released
(1:91.11.0+build2-0ubuntu0.20.04.1)
|
|
| lunar |
Not vulnerable
(1:102.10.0+build2-0ubuntu1)
|
|
| bionic |
Ignored
(end of standard support, was needs-triage)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(end of standard support, was needs-triage)
|
|
| jammy |
Released
(1:91.11.0+build2-0ubuntu0.22.04.1)
|
|
| mantic |
Not vulnerable
(1:102.10.0+build2-0ubuntu1)
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| hirsute |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
vnc4 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
wbxml2 Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| bionic |
Needs triage
|
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
vtk Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| focal |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 8.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |