CVE-2022-43680
Published: 24 October 2022
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Notes
Author | Note |
---|---|
sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
mdeslaur | apache2 uses system expat apr-util uses system expat cmake uses system expat ghostscript uses system expat |
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
focal |
Ignored
(bundled deps handled by upstream in new versions)
|
jammy |
Not vulnerable
(code not present)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
kinetic |
Not vulnerable
(code not present)
|
|
lunar |
Not vulnerable
(code not present)
|
|
bionic |
Ignored
(end of standard support, was needs-triage)
|
|
xenial |
Ignored
(end of standard support)
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
cableswig Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
bionic |
Does not exist
|
|
focal |
Does not exist
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
expat Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
trusty |
Released
(2.1.0-4ubuntu1.4+esm7)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
kinetic |
Released
(2.4.8-2ubuntu0.22.10.1)
|
|
bionic |
Released
(2.2.5-3ubuntu0.8)
|
|
focal |
Released
(2.2.9-1ubuntu0.6)
|
|
jammy |
Released
(2.4.7-1ubuntu0.2)
|
|
xenial |
Released
(2.1.0-7ubuntu0.16.04.5+esm7)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
lunar |
Released
(2.5.0-1)
|
|
Patches: upstream: https://github.com/libexpat/libexpat/commit/56967f83d68d5fc750f9e66a9a76756c94c7c173 |
||
apache2 Launchpad, Ubuntu, Debian |
trusty |
Not vulnerable
(uses system expat)
|
xenial |
Not vulnerable
(uses system expat)
|
|
bionic |
Not vulnerable
(uses system expat)
|
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
upstream |
Needs triage
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
apr-util Launchpad, Ubuntu, Debian |
trusty |
Not vulnerable
(uses system expat)
|
xenial |
Not vulnerable
(uses system expat)
|
|
bionic |
Not vulnerable
(uses system expat)
|
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
upstream |
Needs triage
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
cmake Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
xenial |
Not vulnerable
(uses system expat)
|
|
bionic |
Not vulnerable
(uses system expat)
|
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
upstream |
Needs triage
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
ghostscript Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
xenial |
Not vulnerable
(uses system expat)
|
|
bionic |
Not vulnerable
(uses system expat)
|
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
upstream |
Needs triage
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
texlive-bin Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
bionic |
Not vulnerable
(code-not-compiled)
|
|
focal |
Not vulnerable
(code-not-compiled)
|
|
jammy |
Not vulnerable
(code-not-compiled)
|
|
upstream |
Needs triage
|
|
lunar |
Not vulnerable
(code-not-compiled)
|
|
kinetic |
Not vulnerable
(code-not-compiled)
|
|
vnc4 Launchpad, Ubuntu, Debian |
trusty |
Needs triage
|
bionic |
Needs triage
|
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
wbxml2 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
lunar |
Needs triage
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
xenial |
Needs triage
|
|
swish-e Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
bionic |
Needs triage
|
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
upstream |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
xenial |
Needs triage
|
|
lunar |
Needs triage
|
|
ayttm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
cadaver Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
lunar |
Needs triage
|
|
coin3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
gdcm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
trusty |
Not vulnerable
(uses system expat)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(uses system expat)
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
focal |
Not vulnerable
(uses system expat)
|
|
jammy |
Not vulnerable
(uses system expat)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
kinetic |
Not vulnerable
(uses system expat)
|
|
xenial |
Needs triage
|
|
lunar |
Not vulnerable
(uses system expat)
|
|
libxmltok Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
lunar |
Needs triage
|
|
matanza Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
lunar |
Needs triage
|
|
smart Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code-not-compiled)
|
|
tdom Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
lunar |
Needs triage
|
|
thunderbird Launchpad, Ubuntu, Debian |
focal |
Ignored
(bundled deps handled by upstream in new versions)
|
jammy |
Ignored
(bundled deps handled by upstream in new versions)
|
|
lunar |
Ignored
(bundled deps handled by upstream in new versions)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
bionic |
Ignored
(end of standard support, was needs-triage)
|
|
xenial |
Ignored
(end of standard support)
|
|
vtk Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
focal |
Does not exist
|
|
jammy |
Does not exist
|
|
trusty |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
- https://github.com/libexpat/libexpat/issues/649
- https://github.com/libexpat/libexpat/pull/616
- https://github.com/libexpat/libexpat/pull/650
- https://ubuntu.com/security/notices/USN-5638-3
- https://ubuntu.com/security/notices/USN-5638-2
- https://ubuntu.com/security/notices/USN-5638-4
- NVD
- Launchpad
- Debian