CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
libexpat_projectlibexpat
𝑥
≤ 2.4.9
debiandebian_linux
10.0
debiandebian_linux
11.0
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph410s_firmware
-
netapph410c_firmware
-
netappactive_iq_unified_manager
-
netapponcommand_workflow_automation
-
netappsolidfire_\&_hci_management_node
-
netapphci_compute_node_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
expat
bookworm
2.5.0-1
fixed
bookworm (security)
2.5.0-1+deb12u1
fixed
bullseye
2.2.10-2+deb11u5
fixed
bullseye (security)
2.2.10-2+deb11u6
fixed
sid
2.6.3-2
fixed
trixie
2.6.3-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apache2
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
not-affected
xenial
not-affected
apr-util
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
not-affected
xenial
not-affected
ayttm
bionic
dne
focal
dne
jammy
dne
trusty
ignored
xenial
needs-triage
cableswig
bionic
dne
focal
dne
jammy
dne
trusty
ignored
xenial
needs-triage
cadaver
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
cmake
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
not-affected
coin3
bionic
needs-triage
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
needs-triage
xenial
needs-triage
expat
bionic
Fixed 2.2.5-3ubuntu0.8
released
focal
Fixed 2.2.9-1ubuntu0.6
released
jammy
Fixed 2.4.7-1ubuntu0.2
released
kinetic
Fixed 2.4.8-2ubuntu0.22.10.1
released
lunar
Fixed 2.5.0-1
released
mantic
Fixed 2.5.0-1
released
noble
Fixed 2.5.0-1
released
trusty
Fixed 2.1.0-4ubuntu1.4+esm7
released
xenial
Fixed 2.1.0-7ubuntu0.16.04.5+esm7
released
firefox
bionic
ignored
focal
ignored
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
ignored
gdcm
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
not-affected
xenial
not-affected
ghostscript
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
not-affected
insighttoolkit
bionic
dne
focal
dne
jammy
dne
trusty
ignored
xenial
needs-triage
insighttoolkit4
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
dne
noble
dne
trusty
ignored
xenial
needs-triage
libxmltok
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
matanza
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
smart
bionic
not-affected
focal
dne
jammy
dne
trusty
ignored
xenial
not-affected
swish-e
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
tdom
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
texlive-bin
bionic
not-affected
focal
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
not-affected
thunderbird
bionic
ignored
focal
ignored
jammy
ignored
kinetic
ignored
lunar
ignored
mantic
ignored
noble
ignored
trusty
ignored
xenial
ignored
vnc4
bionic
needs-triage
focal
dne
jammy
dne
trusty
needs-triage
xenial
needs-triage
vtk
bionic
dne
focal
dne
jammy
dne
trusty
needs-triage
xenial
needs-triage
wbxml2
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
xmlrpc-c
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
needs-triage
xenial
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
expat
suse enterprise desktop 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise desktop 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise sap 12 SP5
2.1.0-21.28.1
fixed
suse enterprise sap 15
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise server 12 SP2
2.1.0-21.28.1
fixed
suse enterprise server 12 SP3
2.1.0-21.28.1
fixed
suse enterprise server 12 SP4
2.1.0-21.28.1
fixed
suse enterprise server 12 SP5
2.1.0-21.28.1
fixed
suse enterprise server 15
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP7
2.6.4-150700.1.4
fixed
libexpat-devel
suse enterprise desktop 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise desktop 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise sap 15
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise server 15
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP7
2.6.4-150700.1.4
fixed
libexpat1
suse enterprise desktop 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise desktop 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise sap 12 SP5
2.1.0-21.28.1
fixed
suse enterprise sap 15
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise server 12 SP2
2.1.0-21.28.1
fixed
suse enterprise server 12 SP3
2.1.0-21.28.1
fixed
suse enterprise server 12 SP4
2.1.0-21.28.1
fixed
suse enterprise server 12 SP5
2.1.0-21.28.1
fixed
suse enterprise server 15
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP7
2.6.4-150700.1.4
fixed
libexpat1-32bit
suse enterprise desktop 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise desktop 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise desktop 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise sap 12 SP5
2.1.0-21.28.1
fixed
suse enterprise sap 15
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise sap 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise sap 15 SP7
2.6.4-150700.1.4
fixed
suse enterprise server 12 SP2
2.1.0-21.28.1
fixed
suse enterprise server 12 SP3
2.1.0-21.28.1
fixed
suse enterprise server 12 SP4
2.1.0-21.28.1
fixed
suse enterprise server 12 SP5
2.1.0-21.28.1
fixed
suse enterprise server 15
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP1
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP2
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP3
2.2.5-150000.3.25.1
fixed
suse enterprise server 15 SP4
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP5
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP6
2.4.4-150400.3.12.1
fixed
suse enterprise server 15 SP7
2.6.4-150700.1.4
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
expat
RHEL 8
0:2.2.5-10.el8_7.1
fixed
RHEL 8.6 AUS
0:2.2.5-8.el8_6.4
fixed
RHEL 8.6 E4S
0:2.2.5-8.el8_6.4
fixed
RHEL 8.6 EUS
0:2.2.5-8.el8_6.4
fixed
RHEL 8.6 TUS
0:2.2.5-8.el8_6.4
fixed
RHEL 9
0:2.4.9-1.el9_1.1
fixed
expat-devel
RHEL 8
0:2.2.5-10.el8_7.1
fixed
RHEL 8.6 AUS
0:2.2.5-8.el8_6.4
fixed
RHEL 8.6 E4S
0:2.2.5-8.el8_6.4
fixed
RHEL 8.6 EUS
0:2.2.5-8.el8_6.4
fixed
RHEL 8.6 TUS
0:2.2.5-8.el8_6.4
fixed
RHEL 9
0:2.4.9-1.el9_1.1
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/12/28/5
http://www.openwall.com/lists/oss-security/2024/01/03/5
https://github.com/libexpat/libexpat/issues/649
https://github.com/libexpat/libexpat/pull/616
https://github.com/libexpat/libexpat/pull/650
https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
https://security.gentoo.org/glsa/202210-38
https://security.netapp.com/advisory/ntap-20221118-0007/
https://www.debian.org/security/2022/dsa-5266
http://www.openwall.com/lists/oss-security/2023/12/28/5
http://www.openwall.com/lists/oss-security/2024/01/03/5
https://github.com/libexpat/libexpat/issues/649
https://github.com/libexpat/libexpat/pull/616
https://github.com/libexpat/libexpat/pull/650
https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/
https://security.gentoo.org/glsa/202210-38
https://security.netapp.com/advisory/ntap-20221118-0007/
https://www.debian.org/security/2022/dsa-5266