CVE-2022-25314
Published: 18 February 2022
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Notes
Author | Note |
---|---|
sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
leosilva | xenial and trusty are not affected as code is not present. |
rodrigo-zaiden | libxmltok does not include copyString method, so it is not affected. |
Priority
Status
Package | Release | Status |
---|---|---|
thunderbird Launchpad, Ubuntu, Debian |
xenial |
Ignored
(end of standard support, was needed)
|
focal |
Ignored
(bundled deps handled by upstream in new versions)
|
|
impish |
Ignored
(end of life)
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
jammy |
Ignored
(bundled deps handled by upstream in new versions)
|
|
lunar |
Ignored
(bundled deps handled by upstream in new versions)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
bionic |
Ignored
(end of standard support, was needed)
|
|
mantic |
Ignored
(bundled deps handled by upstream in new versions)
|
|
ayttm Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
cableswig Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
jammy |
Does not exist
|
|
mantic |
Does not exist
|
|
cadaver Launchpad, Ubuntu, Debian |
xenial |
Needs triage
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
jammy |
Needs triage
|
|
mantic |
Needs triage
|
|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
lunar |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Not vulnerable
(code-not-compiled)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
mantic |
Not vulnerable
(code-not-compiled)
|
|
apr-util Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
lunar |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Not vulnerable
(code-not-compiled)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
mantic |
Not vulnerable
(code-not-compiled)
|
|
cmake Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
lunar |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
mantic |
Not vulnerable
(code-not-compiled)
|
|
coin3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Not vulnerable
(uses system expat)
|
|
impish |
Not vulnerable
(uses system expat)
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
xenial |
Needs triage
|
|
mantic |
Not vulnerable
(uses system expat)
|
|
firefox Launchpad, Ubuntu, Debian |
focal |
Ignored
(bundled deps handled by upstream in new versions)
|
impish |
Ignored
(end of life)
|
|
kinetic |
Released
(1:1snap1-0ubuntu1)
|
|
lunar |
Released
(1:1snap1-0ubuntu1)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
jammy |
Released
(1:1snap1-0ubuntu1)
|
|
bionic |
Ignored
(end of standard support, was needed)
|
|
xenial |
Ignored
(end of standard support, was needed)
|
|
mantic |
Released
(1:1snap1-0ubuntu1)
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
impish |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Does not exist
|
|
expat Launchpad, Ubuntu, Debian |
bionic |
Released
(2.2.5-3ubuntu0.7)
|
focal |
Released
(2.2.9-1ubuntu0.4)
|
|
impish |
Released
(2.4.1-2ubuntu0.3)
|
|
kinetic |
Released
(2.4.5-2)
|
|
lunar |
Released
(2.4.5-2)
|
|
trusty |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
|
|
jammy |
Released
(2.4.5-2)
|
|
mantic |
Released
(2.4.5-2)
|
|
gdcm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
focal |
Not vulnerable
(uses system expat)
|
|
impish |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
trusty |
Not vulnerable
(uses system expat)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(uses system expat)
|
|
mantic |
Not vulnerable
(uses system expat)
|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
lunar |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
mantic |
Not vulnerable
(code-not-compiled)
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Does not exist
|
|
libxmltok Launchpad, Ubuntu, Debian |
kinetic |
Not vulnerable
(code not present)
|
lunar |
Not vulnerable
(code not present)
|
|
bionic |
Not vulnerable
(code not present)
|
|
focal |
Not vulnerable
(code not present)
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Not vulnerable
(code not present)
|
|
jammy |
Not vulnerable
(code not present)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
mantic |
Not vulnerable
(code not present)
|
|
matanza Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Needs triage
|
|
swish-e Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Needs triage
|
|
tdom Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Needs triage
|
|
smart Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
mantic |
Does not exist
|
|
texlive-bin Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Not vulnerable
(code-not-compiled)
|
|
impish |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
lunar |
Not vulnerable
(code-not-compiled)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
mantic |
Not vulnerable
(code-not-compiled)
|
|
vnc4 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Does not exist
|
|
vtk Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
kinetic |
Does not exist
|
|
lunar |
Does not exist
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Does not exist
|
|
wbxml2 Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Needs triage
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
mantic |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |