expat: Multiple vulnerabilities (CVE-2022-40674, CVE-2022-43680) #4244
Comments
CamberLoid added a commit that referenced this issue on Oct 24, 2022
* Fixes CVE-2022-25236 CVE-2022-40674 Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid changed the title from "expat: CVE-2022-40674" to "expat: Multiple vulnerabilities (CVE-2022-40674, CVE-2022-43680)" on Nov 3, 2022
Updated information about CVE-2022-43680.
CamberLoid added a commit that referenced this issue on Nov 3, 2022
* Fix CVE-2022-43680 * Sover stays at 1, therefore no rebuild is required Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 3, 2022
* Fix CVE-2022-43680 * Add a beyond file to install manpage * Add "--disable-static" to manually suppress building of static library * Sover stays at 1, therefore no rebuild is required Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 10, 2022
* Fixes CVE-2022-25236 CVE-2022-40674 Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 10, 2022
* Fix CVE-2022-43680 * Add a beyond file to install manpage * Add "--disable-static" to manually suppress building of static library * Sover stays at 1, therefore no rebuild is required Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 11, 2022
* Fixes CVE-2022-25236 CVE-2022-40674 Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 11, 2022
* Fix CVE-2022-43680 * Add a beyond file to install manpage * Add "--disable-static" to manually suppress building of static library * Sover stays at 1, therefore no rebuild is required Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 12, 2022
* Fixes CVE-2022-25236 CVE-2022-40674 Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 12, 2022
* Fix CVE-2022-43680 * Add a beyond file to install manpage * Add "--disable-static" to manually suppress building of static library * Sover stays at 1, therefore no rebuild is required Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 23, 2022
* Fixes CVE-2022-25236 CVE-2022-40674 Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 23, 2022
* Fix CVE-2022-43680 * Add a beyond file to install manpage * Sover stays at 1, therefore no rebuild is required Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 27, 2022
* Fixes CVE-2022-25236 CVE-2022-40674 Signed-off-by: Camber Huang <camber@poi.science>
CamberLoid added a commit that referenced this issue on Nov 27, 2022
* Fix CVE-2022-43680 * Add a beyond file to install manpage * Sover stays at 1, therefore no rebuild is required Signed-off-by: Camber Huang <camber@poi.science>
Fixed via #4290
CVE IDs
CVE-2022-40674 CVE-2022-43680
Other security advisory IDs
Debian:
Gentoo:
Description
CVE-2022-40674
Rhodri James discovered that Expat incorrectly handled memory when processing certain malformed XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.
References:
CVE-2022-43680
In expat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Fixed by libexpat/libexpat#650 libexpat/libexpat#649
Patches
N/A, or see commit in references above.
PoC(s)
N/A