RHSA-2022:0951-01 -- Redhat expatID: oval:org.secpod.oval:def:506735 | Date: (C)2022-03-24 (M)2024-04-25 |
Class: PATCH | Family: unix |
Expat is a C library for parsing XML documents. Security Fix: * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution * expat: Namespace-separator characters in xmlns[:prefix] attribute values can lead to arbitrary code execution * expat: Integer overflow in storeRawNames * expat: Large number of prefixed XML attributes on a single tag can crash libexpat * expat: Integer overflow in doProlog in xmlparse.c * expat: Integer overflow in addBinding in xmlparse.c * expat: Integer overflow in build_model in xmlparse.c * expat: Integer overflow in defineAttribute in xmlparse.c * expat: Integer overflow in lookup in xmlparse.c * expat: Integer overflow in nextScaffoldPart in xmlparse.c * expat: Integer overflow in storeAtts in xmlparse.c * expat: Integer overflow in function XML_GetBuffer For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.
Platform: |
Red Hat Enterprise Linux 8 |