CVE-2022-25236
Published: 15 February 2022
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
Notes
| Author | Note |
|---|---|
| sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
| leosilva | pull request 577 adds relax fix to this CVE in regard RFC 3986 URI characters and fix also some regressions. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(code-not-compiled)
|
| bionic |
Not vulnerable
(code-not-compiled)
|
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
apr-util Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(code-not-compiled)
|
| bionic |
Not vulnerable
(code-not-compiled)
|
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
cmake Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(code-not-compiled)
|
| bionic |
Not vulnerable
(code-not-compiled)
|
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
expat Launchpad, Ubuntu, Debian |
kinetic |
Released
(2.4.5-2)
|
| bionic |
Released
(2.2.5-3ubuntu0.4)
|
|
| focal |
Released
(2.2.9-1ubuntu0.2)
|
|
| impish |
Released
(2.4.1-2ubuntu0.1)
|
|
| lunar |
Released
(2.4.5-2)
|
|
| trusty |
Released
(2.1.0-4ubuntu1.4+esm4)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.1.0-7ubuntu0.16.04.5+esm2)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| jammy |
Released
(2.4.5-2)
|
|
| mantic |
Released
(2.4.5-2)
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(code-not-compiled)
|
| bionic |
Not vulnerable
(code-not-compiled)
|
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(code-not-compiled)
|
| bionic |
Not vulnerable
(code-not-compiled)
|
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
|
ayttm Launchpad, Ubuntu, Debian |
kinetic |
Does not exist
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| jammy |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
cableswig Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| bionic |
Not vulnerable
(uses system expat)
|
|
| focal |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| mantic |
Does not exist
|
|
|
matanza Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| bionic |
Needs triage
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
swish-e Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| bionic |
Needs triage
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
libxmltok Launchpad, Ubuntu, Debian |
xenial |
Released
(1.2-3ubuntu0.16.04.1~esm2)
Available with Ubuntu Pro |
| kinetic |
Ignored
(end of life, was needed)
|
|
| lunar |
Needed
|
|
| hirsute |
Ignored
(end of life)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| bionic |
Released
(1.2-4ubuntu0.18.04.1~esm1)
Available with Ubuntu Pro |
|
| focal |
Released
(1.2-4ubuntu0.20.04.1~esm1)
Available with Ubuntu Pro |
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Released
(1.2-4ubuntu0.22.04.1~esm1)
Available with Ubuntu Pro |
|
| mantic |
Needed
|
|
|
vnc4 Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| bionic |
Needs triage
|
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| mantic |
Does not exist
|
|
|
wbxml2 Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
| bionic |
Needs triage
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
xenial |
Needed
|
| kinetic |
Ignored
(end of life, was needed)
|
|
| bionic |
Needed
|
|
| focal |
Needed
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needed
|
|
| lunar |
Needed
|
|
| trusty |
Needed
|
|
| upstream |
Needs triage
|
|
| mantic |
Needed
|
|
|
firefox Launchpad, Ubuntu, Debian |
focal |
Ignored
(bundled deps handled by upstream in new versions)
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Released
(1:1snap1-0ubuntu1)
|
|
| kinetic |
Released
(1:1snap1-0ubuntu1)
|
|
| lunar |
Released
(1:1snap1-0ubuntu1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| bionic |
Ignored
(end of standard support, was needed)
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| mantic |
Released
(1:1snap1-0ubuntu1)
|
|
|
cadaver Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
coin3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
|
gdcm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| trusty |
Not vulnerable
(uses system expat)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system expat)
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
|
tdom Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| bionic |
Needs triage
|
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
smart Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Does not exist
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
focal |
Ignored
(bundled deps handled by upstream in new versions)
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| jammy |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| lunar |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| bionic |
Ignored
(end of standard support, was needed)
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
| mantic |
Ignored
(bundled deps handled by upstream in new versions)
|
|
|
vtk Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
| mantic |
Does not exist
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25236
- https://github.com/libexpat/libexpat/pull/561
- https://github.com/libexpat/libexpat/pull/561/commits/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 (fix)
- https://github.com/libexpat/libexpat/pull/561/commits/2de077423fb22750ebea599677d523b53cb93b1d (test)
- https://github.com/libexpat/libexpat/pull/577
- https://ubuntu.com/security/notices/USN-5288-1
- https://ubuntu.com/security/notices/USN-5455-1
- NVD
- Launchpad
- Debian