ID

VAR-202201-0426


CVE

CVE-2022-23990


TITLE

Expat  Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003474

DESCRIPTION

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2. For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: mingw-expat security update Advisory ID: RHSA-2022:7811-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7811 Issue date: 2022-11-08 CVE Names: CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ==================================================================== 1. Summary: An update for mingw-expat is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - noarch 3. Description: Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. The following packages have been upgraded to a later upstream version: mingw-expat (2.4.8). (BZ#2057023, BZ#2057037, BZ#2057127) Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) * expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236) * expat: Integer overflow in storeRawNames() (CVE-2022-25315) * expat: Stack exhaustion in doctype parsing (CVE-2022-25313) * expat: Integer overflow in copyString() (CVE-2022-25314) * expat: Integer overflow in the doProlog function (CVE-2022-23990) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat CodeReady Linux Builder (v. 8): Source: mingw-expat-2.4.8-1.el8.src.rpm noarch: mingw32-expat-2.4.8-1.el8.noarch.rpm mingw32-expat-debuginfo-2.4.8-1.el8.noarch.rpm mingw64-expat-2.4.8-1.el8.noarch.rpm mingw64-expat-debuginfo-2.4.8-1.el8.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-23990 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25313 https://access.redhat.com/security/cve/CVE-2022-25314 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSN9zjgjWX9erEAQiUug//S0FwujIXoFODWtJgEPijbfoA28JgVjcz lRdWl0wmXyMSlFkkBVIrOeGgxM4oLUpAwOdOPWIzb/M29xEfo4h3e8lHlwAwqklO lQcv663dY57lHRfbKgunlYWKTZ4+3kZbziZB/Zv58rw6bPDQ/wE96urY3/O0m1ct Dkk3j4zKiAnIFKWEvUHCwui7tOeUHXNAasCXifYoePimf9+lgta+pnYf86parIBg D3afd0S6meUnLqW6EtD0WTJPh6eztjDFEJ/9LKpXo2SL8FAYTrI9yfGQJNsHkGc4 9NaAd3QeBKoGqcg/qBdb9FfwQqHZJGot4BtTui8/E5xnUg3F+/1PuMGxtQ4jI6X9 ey6sWsUKCXMdlhv3TxAs/LFTR1cnkT7heEag/f58eo/W8VBow09k7cs3iktrNd+M 4REv3cfyJ+kFAfA6N6plHb27lFP0aTMveH7FYiWpFGqPH15u3NFcPdsk8qijv4WZ sREJ6LgDknk80Rmla2td+l3Vo4iTCWEL7gvoY9uhzWCbuMvj1SSk5rOqVXtOEvuF 8MpPM+xShIgGbYrFPxeMjYF16p+FxYVDcapSGrIORksAKOunAWDOHmZf+jR7iCMX ts3y9wxwNBObMK+Jr+ApYRohz9obamvxjlwBwXSWJ6xlsFyu5Y3e6IzSm/EJpK1i f25ydDFruA4=jL/2 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. After installing the updated packages, the httpd daemon will be restarted automatically

Trust: 2.25

sources: NVD: CVE-2022-23990 // JVNDB: JVNDB-2022-003474 // VULHUB: VHN-413433 // VULMON: CVE-2022-23990 // PACKETSTORM: 168578 // PACKETSTORM: 169217 // PACKETSTORM: 169777 // PACKETSTORM: 169540 // PACKETSTORM: 169541

AFFECTED PRODUCTS

vendor:oraclemodel:communications metasolv solutionscope:eqversion:6.3.1

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:libexpatmodel:libexpatscope:ltversion:2.4.4

Trust: 1.0

vendor:tenablemodel:nessusscope:gteversion:10.0.0

Trust: 1.0

vendor:tenablemodel:nessusscope:ltversion:8.15.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:tenablemodel:nessusscope:ltversion:10.1.1

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

vendor:オラクルmodel:oracle communications metasolv solutionscope: - version: -

Trust: 0.8

vendor:libexpatmodel:libexpatscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:tenablemodel:nessusscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:日立model:日立高信頼サーバ rv3000scope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect serverscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-003474 // NVD: CVE-2022-23990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-23990
value: HIGH

Trust: 1.0

NVD: CVE-2022-23990
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202201-2483
value: HIGH

Trust: 0.6

VULHUB: VHN-413433
value: MEDIUM

Trust: 0.1

VULMON: CVE-2022-23990
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2022-23990
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-413433
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-23990
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-23990
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-413433 // VULMON: CVE-2022-23990 // JVNDB: JVNDB-2022-003474 // CNNVD: CNNVD-202201-2483 // NVD: CVE-2022-23990

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:Integer overflow or wraparound (CWE-190) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-413433 // JVNDB: JVNDB-2022-003474 // NVD: CVE-2022-23990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-2483

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202201-2483

PATCH

title:hitachi-sec-2023-204url:https://www.debian.org/security/2022/dsa-5073

Trust: 0.8

title:Expat Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=180387

Trust: 0.6

title:Amazon Linux AMI: ALAS-2023-1882url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2023-1882

Trust: 0.1

title:Red Hat: CVE-2022-23990url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2022-23990

Trust: 0.1

title:Red Hat: Important: mingw-expat security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227811 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALAS2-2023-2280url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2023-2280

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227143 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20227144 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-5073-1 expat -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=131f3d669e0814049dd7f5b87ef0af84

Trust: 0.1

title:Amazon Linux 2022: ALAS2022-2022-028url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-028

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2022-05

Trust: 0.1

title:Amazon Linux 2022: ALAS-2022-232url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS-2022-232

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2022-23990

Trust: 0.1

title: - url:https://github.com/gatecheckdev/gatecheck

Trust: 0.1

title:myapp-container-jaxrsurl:https://github.com/akiraabe/myapp-container-jaxrs

Trust: 0.1

sources: VULMON: CVE-2022-23990 // JVNDB: JVNDB-2022-003474 // CNNVD: CNNVD-202201-2483

EXTERNAL IDS

db:NVDid:CVE-2022-23990

Trust: 3.9

db:TENABLEid:TNS-2022-05

Trust: 1.7

db:SIEMENSid:SSA-484086

Trust: 1.7

db:ICS CERTid:ICSA-22-167-17

Trust: 1.4

db:PACKETSTORMid:169777

Trust: 0.8

db:PACKETSTORMid:168578

Trust: 0.8

db:ICS CERTid:ICSA-23-278-01

Trust: 0.8

db:JVNid:JVNVU99030761

Trust: 0.8

db:JVNid:JVNVU97425465

Trust: 0.8

db:JVNDBid:JVNDB-2022-003474

Trust: 0.8

db:CNNVDid:CNNVD-202201-2483

Trust: 0.7

db:CS-HELPid:SB2022021418

Trust: 0.6

db:CS-HELPid:SB2022032013

Trust: 0.6

db:CS-HELPid:SB2022042116

Trust: 0.6

db:CS-HELPid:SB2022022416

Trust: 0.6

db:CS-HELPid:SB2022012804

Trust: 0.6

db:CS-HELPid:SB2022060617

Trust: 0.6

db:CS-HELPid:SB2022061722

Trust: 0.6

db:CS-HELPid:SB2022041954

Trust: 0.6

db:CS-HELPid:SB2022020902

Trust: 0.6

db:CS-HELPid:SB2022072607

Trust: 0.6

db:AUSCERTid:ESB-2022.0749

Trust: 0.6

db:AUSCERTid:ESB-2022.0626

Trust: 0.6

db:AUSCERTid:ESB-2022.0741

Trust: 0.6

db:AUSCERTid:ESB-2022.5749

Trust: 0.6

db:AUSCERTid:ESB-2022.0596

Trust: 0.6

db:AUSCERTid:ESB-2022.1795

Trust: 0.6

db:AUSCERTid:ESB-2022.2607

Trust: 0.6

db:AUSCERTid:ESB-2022.4460

Trust: 0.6

db:VULHUBid:VHN-413433

Trust: 0.1

db:VULMONid:CVE-2022-23990

Trust: 0.1

db:PACKETSTORMid:169217

Trust: 0.1

db:PACKETSTORMid:169540

Trust: 0.1

db:PACKETSTORMid:169541

Trust: 0.1

sources: VULHUB: VHN-413433 // VULMON: CVE-2022-23990 // JVNDB: JVNDB-2022-003474 // PACKETSTORM: 168578 // PACKETSTORM: 169217 // PACKETSTORM: 169777 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // CNNVD: CNNVD-202201-2483 // NVD: CVE-2022-23990

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.3

url:https://security.gentoo.org/glsa/202209-24

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.7

url:https://www.tenable.com/security/tns-2022-05

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5073

Trust: 1.7

url:https://github.com/libexpat/libexpat/pull/551

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-23990

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34nxvl2rzc2yzrv74zq3rnfb7wceup7d/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/r7ff2uh7mpxktadysjuahi2y5uhbshuh/

Trust: 1.0

url:https://access.redhat.com/security/cve/cve-2022-23990

Trust: 0.9

url:https://jvn.jp/vu/jvnvu99030761/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97425465/index.html

Trust: 0.8

url:https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34nxvl2rzc2yzrv74zq3rnfb7wceup7d/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/r7ff2uh7mpxktadysjuahi2y5uhbshuh/

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2022.0741

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1795

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2607

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022416

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041954

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022020902

Trust: 0.6

url:https://vigilance.fr/vulnerability/expat-integer-overflow-via-doprolog-37397

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021418

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072607

Trust: 0.6

url:https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0596

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5749

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060617

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042116

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022061722

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032013

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4460

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012804

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0749

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0626

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://bugzilla.redhat.com/):

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-41524

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.2

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40674

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/expat

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7811

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7144

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7143

Trust: 0.1

sources: VULHUB: VHN-413433 // JVNDB: JVNDB-2022-003474 // PACKETSTORM: 168578 // PACKETSTORM: 169217 // PACKETSTORM: 169777 // PACKETSTORM: 169540 // PACKETSTORM: 169541 // CNNVD: CNNVD-202201-2483 // NVD: CVE-2022-23990

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202201-2483

SOURCES

db:VULHUBid:VHN-413433
db:VULMONid:CVE-2022-23990
db:JVNDBid:JVNDB-2022-003474
db:PACKETSTORMid:168578
db:PACKETSTORMid:169217
db:PACKETSTORMid:169777
db:PACKETSTORMid:169540
db:PACKETSTORMid:169541
db:CNNVDid:CNNVD-202201-2483
db:NVDid:CVE-2022-23990

LAST UPDATE DATE

2024-08-14T12:42:29.660000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-413433date:2022-10-31T00:00:00
db:VULMONid:CVE-2022-23990date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2022-003474date:2023-10-10T06:14:00
db:CNNVDid:CNNVD-202201-2483date:2022-11-10T00:00:00
db:NVDid:CVE-2022-23990date:2023-11-07T03:44:21.590

SOURCES RELEASE DATE

db:VULHUBid:VHN-413433date:2022-01-26T00:00:00
db:VULMONid:CVE-2022-23990date:2022-01-26T00:00:00
db:JVNDBid:JVNDB-2022-003474date:2023-02-21T00:00:00
db:PACKETSTORMid:168578date:2022-09-30T14:56:43
db:PACKETSTORMid:169217date:2022-02-28T20:12:00
db:PACKETSTORMid:169777date:2022-11-08T13:49:57
db:PACKETSTORMid:169540date:2022-10-27T13:05:19
db:PACKETSTORMid:169541date:2022-10-27T13:05:26
db:CNNVDid:CNNVD-202201-2483date:2022-01-26T00:00:00
db:NVDid:CVE-2022-23990date:2022-01-26T19:15:08.517