
expat: CVE-2022-40674

Open CamberLoid opened this issue 2 years ago • 0 comments

CVE IDs

CVE-2022-40674

Other security advisory IDs

  • Debian: https://security-tracker.debian.org/tracker/DSA-5236-1
  • Gentoo: https://security.gentoo.org/glsa/202209-24 (An advisory with multiple vulnerabilities, including 40674)

Description

Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

References:

  • https://github.com/libexpat/libexpat/pull/629 (Fix)
  • https://github.com/libexpat/libexpat/pull/640 (Test)
  • https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b

Patches

N/A, or see commit in references above.

PoC(s)

N/A

CamberLoid, Oct 11 '22 11:10