CVE-2022-23852
Published: 24 January 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Notes
| Author | Note |
|---|---|
| sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
| rodrigo-zaiden | libxmltok does not include EXPAT_SAFE_PTR_DIFF method, so it is not affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
expat Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
| xenial |
Released
(2.1.0-7ubuntu0.16.04.5+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| bionic |
Released
(2.2.5-3ubuntu0.4)
|
|
| focal |
Released
(2.2.9-1ubuntu0.2)
|
|
| impish |
Released
(2.4.1-2ubuntu0.1)
|
|
| jammy |
Released
(2.4.3-2)
|
|
| kinetic |
Released
(2.4.3-2)
|
|
| trusty |
Released
(2.1.0-4ubuntu1.4+esm4)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| lunar |
Released
(2.4.3-2)
|
|
| mantic |
Released
(2.4.3-2)
|
|
|
Patches: upstream: https://github.com/libexpat/libexpat/pull/550/commits/847a645152f5ebc10ac63b74b604d0c1a79fae40 upstream: https://github.com/libexpat/libexpat/pull/550/commits/acf956f14bf79a5e6383a969aaffec98bfbc2e44 (test) |
||
|
apr-util Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
cableswig Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
cadaver Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| lunar |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
coin3 Launchpad, Ubuntu, Debian |
xenial |
Needed
|
| bionic |
Needed
|
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| trusty |
Needed
|
|
| upstream |
Needs triage
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
lunar |
Ignored
(bundled deps handled by upstream in new versions)
|
| focal |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| jammy |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| impish |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| bionic |
Ignored
(end of standard support, was needed)
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| mantic |
Ignored
(bundled deps handled by upstream in new versions)
|
|
|
ayttm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
cmake Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
firefox Launchpad, Ubuntu, Debian |
focal |
Ignored
(bundled deps handled by upstream in new versions)
|
| bionic |
Ignored
(end of standard support, was needed)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Released
(1:1snap1-0ubuntu1)
|
|
| kinetic |
Released
(1:1snap1-0ubuntu1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| lunar |
Released
(1:1snap1-0ubuntu1)
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| mantic |
Released
(1:1snap1-0ubuntu1)
|
|
|
gdcm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| trusty |
Not vulnerable
(uses system expat)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| mantic |
Does not exist
|
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
libxmltok Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(code not present)
|
| bionic |
Not vulnerable
(code not present)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| lunar |
Not vulnerable
(code not present)
|
|
| mantic |
Not vulnerable
(code not present)
|
|
|
matanza Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| lunar |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
smart Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
swish-e Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| lunar |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
tdom Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| bionic |
Needed
|
|
| focal |
Needed
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
| lunar |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
vnc4 Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Needed
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
vtk Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
wbxml2 Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| bionic |
Needed
|
|
| focal |
Needed
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
| lunar |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| bionic |
Not vulnerable
(code not present)
|
|
| focal |
Not vulnerable
(code not present)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Needs triage
|
|
| trusty |
Not vulnerable
(code not present)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
| lunar |
Needs triage
|
|
| mantic |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |