ID

VAR-202201-0468


CVE

CVE-2022-22823


TITLE

Expat Input validation error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202201-637

DESCRIPTION

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Expat is a fast streaming XML parser written in C. The vulnerability stems from a boundary error in the build_model in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution. Background ========= Expat is a set of XML parsing libraries. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.4.9 >= 2.4.9 Description ========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9" References ========= [ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202209-24 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2. For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1. We recommend that you upgrade your expat packages. For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: xmlrpc-c security update Advisory ID: RHSA-2022:7692-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7692 Issue date: 2022-11-08 CVE Names: CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 ==================================================================== 1. Summary: An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: xmlrpc-c-1.51.0-8.el8.src.rpm aarch64: xmlrpc-c-1.51.0-8.el8.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm ppc64le: xmlrpc-c-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm s390x: xmlrpc-c-1.51.0-8.el8.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm x86_64: xmlrpc-c-1.51.0-8.el8.i686.rpm xmlrpc-c-1.51.0-8.el8.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-1.51.0-8.el8.i686.rpm xmlrpc-c-client-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.aarch64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.aarch64.rpm xmlrpc-c-devel-1.51.0-8.el8.aarch64.rpm ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-8.el8.ppc64le.rpm xmlrpc-c-devel-1.51.0-8.el8.ppc64le.rpm s390x: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-1.51.0-8.el8.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-1.51.0-8.el8.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.s390x.rpm xmlrpc-c-debugsource-1.51.0-8.el8.s390x.rpm xmlrpc-c-devel-1.51.0-8.el8.s390x.rpm x86_64: xmlrpc-c-apps-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.i686.rpm xmlrpc-c-debuginfo-1.51.0-8.el8.x86_64.rpm xmlrpc-c-debugsource-1.51.0-8.el8.i686.rpm xmlrpc-c-debugsource-1.51.0-8.el8.x86_64.rpm xmlrpc-c-devel-1.51.0-8.el8.i686.rpm xmlrpc-c-devel-1.51.0-8.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSTdzjgjWX9erEAQiDfRAAmj50JYZkSqq4Y57nQvXRqPdFwkfMdgR5 Vot+lbhYR4m2oFhZ0F6Ow4hi60EddVBoyULspeJky1ReuEDn2ou5iw9ScdHFs1nG LF9Wjz+VSNr/619VhHsBRIjlMO7GRa3DYyjJ8LCFdOOcl5IJb6p5wGIQmkEaQo/5 K/kxbNW4XsuVu2p6JkI54pjTyiEoYFxnd2O+cb97aAcnyqxMexV463bkrOCJ0leU JOVf4PXyRaCt5a2AawgJ3yDXhVGWnex+wotylt9F2gttOyLoAKbe73aOYCFszeA8 0z7Bb0GTyKX5OBQltrtJvt+m4bQvQPfTryEDQGeUQv4mnnsUvRkQ7BfoyRLDWuOd IlV+PrQesSsUi3L3VjtZr0MJCNV6A1s7uqC8piac7n1Vrod/pY6ZOxrSUvzoSbgZ XaVZ5Ay/n2TafyxxJ5iZCUm+FOtW28fH8VnTrZeQoLy9xLlAmSH+uS3EEiy+OsxI nv73jUqWLIbgJGTcOgWg24BMmL+ICNaCOjBXkUuA5WGMfLMdtVTN1gKniJ2dPp6Y qKJ4S8aUQ0Ecq0q7HkJ29zatTHystEo60HWOl54pMLQUjIGaITxWaY8aJcvCDQZ7 uOxWKJyMgNeyNZc7UYvZW0UFWnzXBtcwEjyZJDg3u3/IR8RU9ARX0cF73Fm40c5S ZzcPNNMPHw0=wFwS -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience

Trust: 1.53

sources: NVD: CVE-2022-22823 // VULHUB: VHN-411549 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 168578 // PACKETSTORM: 169217 // PACKETSTORM: 169788 // PACKETSTORM: 169540

AFFECTED PRODUCTS

vendor:tenablemodel:nessusscope:ltversion:8.15.3

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:libexpatmodel:libexpatscope:ltversion:2.4.3

Trust: 1.0

vendor:tenablemodel:nessusscope:ltversion:10.1.1

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

vendor:tenablemodel:nessusscope:gteversion:10.0.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

sources: NVD: CVE-2022-22823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-22823
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202201-637
value: CRITICAL

Trust: 0.6

VULHUB: VHN-411549
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-22823
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-411549
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-22823
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-411549 // CNNVD: CNNVD-202201-637 // NVD: CVE-2022-22823

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

sources: VULHUB: VHN-411549 // NVD: CVE-2022-22823

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 169788 // CNNVD: CNNVD-202201-637

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202201-637

EXTERNAL IDS

db:NVDid:CVE-2022-22823

Trust: 2.3

db:OPENWALLid:OSS-SECURITY/2022/01/17/3

Trust: 1.7

db:SIEMENSid:SSA-484086

Trust: 1.7

db:TENABLEid:TNS-2022-05

Trust: 1.7

db:PACKETSTORMid:169788

Trust: 0.8

db:PACKETSTORMid:168578

Trust: 0.8

db:PACKETSTORMid:167008

Trust: 0.7

db:PACKETSTORMid:166496

Trust: 0.7

db:PACKETSTORMid:166976

Trust: 0.7

db:PACKETSTORMid:166348

Trust: 0.7

db:PACKETSTORMid:169541

Trust: 0.7

db:PACKETSTORMid:166437

Trust: 0.7

db:PACKETSTORMid:166516

Trust: 0.7

db:CS-HELPid:SB2022072065

Trust: 0.6

db:CS-HELPid:SB2022072710

Trust: 0.6

db:CS-HELPid:SB2022060617

Trust: 0.6

db:CS-HELPid:SB2022032843

Trust: 0.6

db:CS-HELPid:SB2022070734

Trust: 0.6

db:CS-HELPid:SB2022041954

Trust: 0.6

db:CS-HELPid:SB2022032013

Trust: 0.6

db:CS-HELPid:SB2022011713

Trust: 0.6

db:CS-HELPid:SB2022031627

Trust: 0.6

db:CS-HELPid:SB2022022416

Trust: 0.6

db:CS-HELPid:SB2022070605

Trust: 0.6

db:CS-HELPid:SB2022020902

Trust: 0.6

db:CS-HELPid:SB2022021418

Trust: 0.6

db:CS-HELPid:SB2022033002

Trust: 0.6

db:CS-HELPid:SB2022032445

Trust: 0.6

db:CS-HELPid:SB2022042116

Trust: 0.6

db:ICS CERTid:ICSA-22-167-17

Trust: 0.6

db:AUSCERTid:ESB-2022.0626

Trust: 0.6

db:AUSCERTid:ESB-2022.4174

Trust: 0.6

db:AUSCERTid:ESB-2022.1677

Trust: 0.6

db:AUSCERTid:ESB-2022.1154

Trust: 0.6

db:AUSCERTid:ESB-2022.1263

Trust: 0.6

db:AUSCERTid:ESB-2022.2171

Trust: 0.6

db:AUSCERTid:ESB-2022.3299

Trust: 0.6

db:AUSCERTid:ESB-2022.5666

Trust: 0.6

db:AUSCERTid:ESB-2022.0369

Trust: 0.6

db:AUSCERTid:ESB-2022.0749

Trust: 0.6

db:CNNVDid:CNNVD-202201-637

Trust: 0.6

db:PACKETSTORMid:166433

Trust: 0.2

db:PACKETSTORMid:166431

Trust: 0.2

db:PACKETSTORMid:169540

Trust: 0.2

db:CNVDid:CNVD-2022-04539

Trust: 0.1

db:VULHUBid:VHN-411549

Trust: 0.1

db:PACKETSTORMid:169217

Trust: 0.1

sources: VULHUB: VHN-411549 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 168578 // PACKETSTORM: 169217 // PACKETSTORM: 169788 // PACKETSTORM: 169540 // CNNVD: CNNVD-202201-637 // NVD: CVE-2022-22823

REFERENCES

url:https://security.gentoo.org/glsa/202209-24

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Trust: 1.7

url:https://www.tenable.com/security/tns-2022-05

Trust: 1.7

url:https://www.debian.org/security/2022/dsa-5073

Trust: 1.7

url:https://github.com/libexpat/libexpat/pull/539

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2022/01/17/3

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-22823

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-22825

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22826

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22824

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22822

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-46143

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-22827

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072710

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022031627

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1154

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022022416

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022041954

Trust: 0.6

url:https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271

Trust: 0.6

url:https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022020902

Trust: 0.6

url:https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2171

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4174

Trust: 0.6

url:https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022021418

Trust: 0.6

url:https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032843

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070605

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5666

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032445

Trust: 0.6

url:https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072065

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1263

Trust: 0.6

url:https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060617

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042116

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022032013

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022033002

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011713

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0749

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0626

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3299

Trust: 0.6

url:https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0369

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1677

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070734

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-45960

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-23852

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22824

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22823

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22822

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22827

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-46143

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22825

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-22826

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2022-25315

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-23852

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25235

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-45960

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25236

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-0261

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1025

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23219

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23177

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-31566

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23219

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0361

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0261

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23308

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24407

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0318

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24731

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23218

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3999

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24730

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23308

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0413

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0392

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0361

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24730

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23177

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0359

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0318

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-0392

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1025

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0413

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-0359

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3999

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-31566

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25236

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-25235

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-23990

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25710

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-0811

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-0811

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-25709

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:1041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-24731

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25315

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-40674

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/expat

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7692

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-41524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-23990

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:7144

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-39275

Trust: 0.1

sources: VULHUB: VHN-411549 // PACKETSTORM: 166431 // PACKETSTORM: 166433 // PACKETSTORM: 168578 // PACKETSTORM: 169217 // PACKETSTORM: 169788 // PACKETSTORM: 169540 // CNNVD: CNNVD-202201-637 // NVD: CVE-2022-22823

CREDITS

Siemens notified CISA of these vulnerabilities.

Trust: 0.6

sources: CNNVD: CNNVD-202201-637

SOURCES

db:VULHUBid:VHN-411549
db:PACKETSTORMid:166431
db:PACKETSTORMid:166433
db:PACKETSTORMid:168578
db:PACKETSTORMid:169217
db:PACKETSTORMid:169788
db:PACKETSTORMid:169540
db:CNNVDid:CNNVD-202201-637
db:NVDid:CVE-2022-22823

LAST UPDATE DATE

2024-11-20T21:07:02.072000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-411549date:2022-10-06T00:00:00
db:CNNVDid:CNNVD-202201-637date:2022-11-09T00:00:00
db:NVDid:CVE-2022-22823date:2022-10-06T14:47:42.973

SOURCES RELEASE DATE

db:VULHUBid:VHN-411549date:2022-01-10T00:00:00
db:PACKETSTORMid:166431date:2022-03-24T14:34:35
db:PACKETSTORMid:166433date:2022-03-24T14:36:50
db:PACKETSTORMid:168578date:2022-09-30T14:56:43
db:PACKETSTORMid:169217date:2022-02-28T20:12:00
db:PACKETSTORMid:169788date:2022-11-08T13:52:57
db:PACKETSTORMid:169540date:2022-10-27T13:05:19
db:CNNVDid:CNNVD-202201-637date:2022-01-10T00:00:00
db:NVDid:CVE-2022-22823date:2022-01-10T14:12:56.270