Details of VAR-202202-0050

ID

VAR-202202-0050

CVE

CVE-2022-25235

TITLE

Expat Encoding and escaping vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-003475

DESCRIPTION

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Expat ( alias libexpat) Exists in encoding and escaping vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Description: OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 2000478 - Using deprecated 1.25 API calls 2022742 - NNCP creation fails when node of a cluster is unavailable 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2028619 - policy/v1beta1 PodDisruptionBudget is deprecated in v1.21+, unavailable in v1.25+ 2029359 - NodeNetworkConfigurationPolicy refreshes all the conditions even if the policy has not gone to that state 2032837 - Add/remove label to priority class are not reconciled properly left HCO in Unknown status. 2033385 - Bug in kubernetes labels that are attached to the CNV logs 2038814 - [CNV-4.10-rhel9] hyperconverged-cluster-cli-download pod CrashLoopBackOff state 2039019 - Fix Top consumers dashboard 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2046686 - Importer pod keeps in retarting when dataimportcron has a reference to invalid image sha 2049990 - must-gather: must-gather is logging errors about upstream only namespaces 2053390 - No DataImportCron for CentOS 7 2054778 - PVC created with filesystem volume mode in some cases, instead of block volume mode 2054782 - DataImportCron status does not show failure when failing to create dataSource 2055304 - [4.10.z] nmstate interprets interface names as float64 and subsequently crashes on state update 2055950 - cnv installation should set empty node selector for openshift-cnv namespace 2056421 - non-privileged user cannot add disk as it cannot update resource "virtualmachines/addvolume" 2056464 - nmstate-webhook pods getting scheduled on the same node 2056619 - [4.10.z] kubemacpool-mac-controller-manager not ready 2057142 - CDI aggregate roles missing some types 2057148 - Cross namespace smart clone may get stuck in NamespaceTransferInProgress phase 2057613 - nmpolicy capture - race condition when appying teardown nncp; nnce fails 2059185 - must-gather: Must-gather gather_vms_details is not working when used with a list of vms 2059613 - Must-gather: for vms with longer name, gather_vms_details fails to collect qemu, dump xml logs 2062227 - sriovLiveMigration should not be enabled on sno clusters 2062321 - when update attempt of hco.spec with storage classes failed, csv git stuck in installing state 2063991 - On upgraded cluster, "v2v-vmware" is present under hco.status.relatedObject 2065308 - CNV disables LiveMigration FG, but leaves LiveMigration workloadUpdateStrategy enabled 2065743 - 4.10.1 containers 2065755 - 4.10.1 rpms 2066086 - DataImportCrons do not automatically recover from unconfigured default storage class 2066712 - [4.10.z] Migration of vm from VMware reports pvc not large enough 2069055 - [4.10.z] On an upgraded cluster NetworkAddonsConfig seems to be reconciling in a loop 2070050 - [4.10.1] Custom guest PCI address and boot order parameters are not respected in a list of multiple SR-IOV NICs 2073880 - Cannot create VM on SNO cluster as live migration feature is not enabled 2077920 - Migration in sequence can be reported as failed even when it succeeded 2078878 - SSP: Common templates fix to pick right templates 5. 6 ELS) - i386, s390x, x86_64 3. Description: Expat is a C library for parsing XML documents. 8.1) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.7.0. Bugs fixed (https://bugzilla.redhat.com/): 2055591 - CVE-2022-0566 thunderbird: Crafted email could trigger an out-of-bounds write 2056363 - CVE-2022-25315 expat: Integer overflow in storeRawNames() 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 2056370 - CVE-2022-25236 expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution 2061735 - CVE-2022-26486 Mozilla: Use-after-free in WebGPU IPC Framework 2061736 - CVE-2022-26485 Mozilla: Use-after-free in XSLT parameter processing 2062220 - CVE-2022-26383 Mozilla: Browser window spoof using fullscreen mode 2062221 - CVE-2022-26384 Mozilla: iframe allow-scripts sandbox bypass 2062222 - CVE-2022-26387 Mozilla: Time-of-check time-of-use bug when verifying add-on signatures 2062223 - CVE-2022-26381 Mozilla: Use-after-free in text reflows 2062224 - CVE-2022-26386 Mozilla: Temporary files downloaded to /tmp and accessible by other local users 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: xmlrpc-c security update Advisory ID: RHSA-2022:1540-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1540 Issue date: 2022-04-26 CVE Names: CVE-2022-25235 ===================================================================== 1. Summary: An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: xmlrpc-c-1.51.0-5.el8_2.1.src.rpm aarch64: xmlrpc-c-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.aarch64.rpm ppc64le: xmlrpc-c-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.ppc64le.rpm s390x: xmlrpc-c-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.s390x.rpm x86_64: xmlrpc-c-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.aarch64.rpm ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.ppc64le.rpm s390x: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.s390x.rpm x86_64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmga9tzjgjWX9erEAQiBNg/9GM5tS+fh5NKoFDWH6r0YxnVsL2IPedN1 AV1KYGoJsAPU1z0MtZixPj5dNxKqcSomgl7GpLO4jkOKMhHktCipVS5tOzpGspY5 nAUKk5ANRH7AeQUJAnP0IaO28cVVerLZvk/ZxA5XcXCcdM8WofjQ8aXKk69T6ctX rKWR9Xw7MpOXxpV9xu2t+eU4MGeuONfqNclUYolUFpYv6JrPdzLCWmXNixCQGAPW D9d2gbLt80L+Z5JkBzZWSkSpItrQs3BD6wcgQIFxl7tgbOlsgo4H7qX4N4g1QgL+ 1V4E+fxlhnAg0vL4g7RG+GkfEesjJXEiUWFbd02beqWy4+G2B1GEYdH0HCp5NffH Y1RRz2hmaOh4QRBNnpvLQvKazqyGrLnk8bAQQIiYjNqceqR4IKYSMYlsHes7v1MJ 7/k6EKs3FrXlcJWpjwNXt2xHWw5Py9rIrlEMiS4ag0tbAhFPscs0TkFeAPCxSVtr oZRTOhwv/wHUb57/V9xMDr6POK5rLB3I2mb8L61169/ph+BM4NIziaDfr4q/5nvx oqWuxe99Q1GTX6+AoeGlZLkp4GY11/tRT+ZaLvNqsWZV98FUeJcXJAh/X0qaYcuF xAI5xHHv56GPOqGMwxEZO17TxeA35WDLvsYjM3mVfLblWsM4FGjKVBdqMBR9o0rn SA1L555kQjg= =Cvpq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.34

sources: NVD: CVE-2022-25235 // JVNDB: JVNDB-2022-003475 // VULHUB: VHN-415126 // PACKETSTORM: 166844 // PACKETSTORM: 167226 // PACKETSTORM: 166703 // PACKETSTORM: 166500 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166845

AFFECTED PRODUCTS

vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	lt	version:	2.4.5	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	オラクル	model:	zfs storage appliance kit	scope:	-	version:	-	Trust: 0.8
vendor:	libexpat	model:	libexpat	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	日立高信頼サーバ rv3000	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	-	version:	-	Trust: 0.8
vendor:	オラクル	model:	oracle http server	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-003475 // NVD: CVE-2022-25235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25235
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-25235
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-25235
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202202-1315
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-415126
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-25235
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-415126
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-25235
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2022-25235
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-415126 // CNNVD: CNNVD-202202-1315 // JVNDB: JVNDB-2022-003475 // NVD: CVE-2022-25235 // NVD: CVE-2022-25235

PROBLEMTYPE DATA

problemtype:	CWE-116	Trust: 1.1
problemtype:	Improper encoding or output escaping (CWE-116) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-415126 // JVNDB: JVNDB-2022-003475 // NVD: CVE-2022-25235

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 166844 // PACKETSTORM: 166845 // CNNVD: CNNVD-202202-1315

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-202202-1315

PATCH

title:

hitachi-sec-2023-204

url:

https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-003475

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25235	Trust: 4.0
db:	SIEMENS	id:	SSA-484086	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2022/02/19/1	Trust: 1.7
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 1.4
db:	PACKETSTORM	id:	167226	Trust: 0.8
db:	PACKETSTORM	id:	166500	Trust: 0.8
db:	PACKETSTORM	id:	166296	Trust: 0.8
db:	ICS CERT	id:	ICSA-23-278-01	Trust: 0.8
db:	JVN	id:	JVNVU99030761	Trust: 0.8
db:	JVN	id:	JVNVU97425465	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-003475	Trust: 0.8
db:	PACKETSTORM	id:	166453	Trust: 0.7
db:	PACKETSTORM	id:	167008	Trust: 0.7
db:	PACKETSTORM	id:	166983	Trust: 0.7
db:	PACKETSTORM	id:	166954	Trust: 0.7
db:	PACKETSTORM	id:	166348	Trust: 0.7
db:	PACKETSTORM	id:	166275	Trust: 0.7
db:	PACKETSTORM	id:	169777	Trust: 0.7
db:	PACKETSTORM	id:	166437	Trust: 0.7
db:	PACKETSTORM	id:	166414	Trust: 0.7
db:	PACKETSTORM	id:	168578	Trust: 0.7
db:	PACKETSTORM	id:	166703	Trust: 0.7
db:	PACKETSTORM	id:	166845	Trust: 0.7
db:	PACKETSTORM	id:	166638	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0934	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1677	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5749	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5666	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4174	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1154	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1507	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0946	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1861	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1579	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0749	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0785.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1295	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1023	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1263	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2024	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1069	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2607	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2476	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3299	Trust: 0.6
db:	CS-HELP	id:	SB2022040715	Trust: 0.6
db:	CS-HELP	id:	SB2022050424	Trust: 0.6
db:	CS-HELP	id:	SB2022033002	Trust: 0.6
db:	CS-HELP	id:	SB2022070605	Trust: 0.6
db:	CS-HELP	id:	SB2022032224	Trust: 0.6
db:	CS-HELP	id:	SB2022032922	Trust: 0.6
db:	CS-HELP	id:	SB2022060617	Trust: 0.6
db:	CS-HELP	id:	SB2022032445	Trust: 0.6
db:	CS-HELP	id:	SB2022052423	Trust: 0.6
db:	CS-HELP	id:	SB2022031020	Trust: 0.6
db:	CS-HELP	id:	SB2022060122	Trust: 0.6
db:	CS-HELP	id:	SB2022031627	Trust: 0.6
db:	CS-HELP	id:	SB2022032005	Trust: 0.6
db:	CS-HELP	id:	SB2022022109	Trust: 0.6
db:	CS-HELP	id:	SB2022031428	Trust: 0.6
db:	CS-HELP	id:	SB2022051320	Trust: 0.6
db:	CS-HELP	id:	SB2022031108	Trust: 0.6
db:	CS-HELP	id:	SB2022042116	Trust: 0.6
db:	CS-HELP	id:	SB2022022416	Trust: 0.6
db:	CS-HELP	id:	SB2022072710	Trust: 0.6
db:	CS-HELP	id:	SB2022032843	Trust: 0.6
db:	CS-HELP	id:	SB2022042629	Trust: 0.6
db:	CS-HELP	id:	SB2022022411	Trust: 0.6
db:	CS-HELP	id:	SB2022061722	Trust: 0.6
db:	CS-HELP	id:	SB2022041954	Trust: 0.6
db:	CS-HELP	id:	SB2022072065	Trust: 0.6
db:	CS-HELP	id:	SB2022072607	Trust: 0.6
db:	CS-HELP	id:	SB2022041272	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-1315	Trust: 0.6
db:	PACKETSTORM	id:	166298	Trust: 0.2
db:	PACKETSTORM	id:	166277	Trust: 0.1
db:	PACKETSTORM	id:	166293	Trust: 0.1
db:	PACKETSTORM	id:	166276	Trust: 0.1
db:	PACKETSTORM	id:	166433	Trust: 0.1
db:	PACKETSTORM	id:	166505	Trust: 0.1
db:	PACKETSTORM	id:	166496	Trust: 0.1
db:	PACKETSTORM	id:	166261	Trust: 0.1
db:	PACKETSTORM	id:	166291	Trust: 0.1
db:	PACKETSTORM	id:	166300	Trust: 0.1
db:	PACKETSTORM	id:	166274	Trust: 0.1
db:	CNVD	id:	CNVD-2022-18356	Trust: 0.1
db:	VULHUB	id:	VHN-415126	Trust: 0.1
db:	PACKETSTORM	id:	166844	Trust: 0.1

sources: VULHUB: VHN-415126 // PACKETSTORM: 166844 // PACKETSTORM: 167226 // PACKETSTORM: 166703 // PACKETSTORM: 166500 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166845 // CNNVD: CNNVD-202202-1315 // JVNDB: JVNDB-2022-003475 // NVD: CVE-2022-25235

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 2.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20220303-0008/	Trust: 1.7
url:	https://www.debian.org/security/2022/dsa-5085	Trust: 1.7
url:	https://security.gentoo.org/glsa/202209-24	Trust: 1.7
url:	https://github.com/libexpat/libexpat/pull/562	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2022/02/19/1	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 1.3
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/	Trust: 1.0
url:	https://jvn.jp/vu/jvnvu99030761/index.html	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu97425465/index.html	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-17	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-278-01	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://access.redhat.com/articles/11258	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072710	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1295	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022416	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022411	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022040715	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4174	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070605	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2476	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032224	Trust: 0.6
url:	https://packetstormsecurity.com/files/166703/red-hat-security-advisory-2022-1309-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5666	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5749	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022109	Trust: 0.6
url:	https://packetstormsecurity.com/files/166845/red-hat-security-advisory-2022-1540-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060617	Trust: 0.6
url:	https://packetstormsecurity.com/files/166296/red-hat-security-advisory-2022-0847-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166638/red-hat-security-advisory-2022-1263-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0749	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0946	Trust: 0.6
url:	https://packetstormsecurity.com/files/166500/red-hat-security-advisory-2022-1068-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167226/red-hat-security-advisory-2022-4668-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0785.2	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3299	Trust: 0.6
url:	https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1677	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050424	Trust: 0.6
url:	https://packetstormsecurity.com/files/166983/red-hat-security-advisory-2022-1739-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031428	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031627	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1154	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041272	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2607	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041954	Trust: 0.6
url:	https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608	Trust: 0.6
url:	https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166275/red-hat-security-advisory-2022-0816-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032843	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1507	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051320	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0934	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032922	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072607	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032005	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032445	Trust: 0.6
url:	https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1069	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1861	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1023	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072065	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1263	Trust: 0.6
url:	https://packetstormsecurity.com/files/166453/red-hat-security-advisory-2022-1053-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042116	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022061722	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031020	Trust: 0.6
url:	https://packetstormsecurity.com/files/166414/red-hat-security-advisory-2022-1012-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042629	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022033002	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060122	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031108	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2024	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052423	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1579	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25315	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2022-26485	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-26386	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-0566	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-26387	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26386	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26383	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26486	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26387	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26381	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-26384	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-26383	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26485	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-26486	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26384	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0566	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-26381	Trust: 0.2
url:	https://access.redhat.com/errata/rhsa-2022:1539	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24407	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41190	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21698	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36221	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-36221	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21698	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4668	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24407	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1309	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1068	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0845	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0847	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1540	Trust: 0.1

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 166844 // PACKETSTORM: 167226 // PACKETSTORM: 166703 // PACKETSTORM: 166500 // PACKETSTORM: 166298 // PACKETSTORM: 166296 // PACKETSTORM: 166845

SOURCES

db:	VULHUB	id:	VHN-415126
db:	PACKETSTORM	id:	166844
db:	PACKETSTORM	id:	167226
db:	PACKETSTORM	id:	166703
db:	PACKETSTORM	id:	166500
db:	PACKETSTORM	id:	166298
db:	PACKETSTORM	id:	166296
db:	PACKETSTORM	id:	166845
db:	CNNVD	id:	CNNVD-202202-1315
db:	JVNDB	id:	JVNDB-2022-003475
db:	NVD	id:	CVE-2022-25235

LAST UPDATE DATE

2026-02-06T19:55:47.276000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-415126	date:	2022-10-07T00:00:00
db:	CNNVD	id:	CNNVD-202202-1315	date:	2022-11-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-003475	date:	2023-10-10T06:16:00
db:	NVD	id:	CVE-2022-25235	date:	2025-05-05T17:18:00.623

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-415126	date:	2022-02-16T00:00:00
db:	PACKETSTORM	id:	166844	date:	2022-04-27T17:30:03
db:	PACKETSTORM	id:	167226	date:	2022-05-19T15:53:21
db:	PACKETSTORM	id:	166703	date:	2022-04-12T18:00:30
db:	PACKETSTORM	id:	166500	date:	2022-03-28T15:55:03
db:	PACKETSTORM	id:	166298	date:	2022-03-14T18:51:13
db:	PACKETSTORM	id:	166296	date:	2022-03-14T18:49:48
db:	PACKETSTORM	id:	166845	date:	2022-04-27T17:30:31
db:	CNNVD	id:	CNNVD-202202-1315	date:	2022-02-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-003475	date:	2023-02-21T00:00:00
db:	NVD	id:	CVE-2022-25235	date:	2022-02-16T01:15:07.607