{"id":"CLSA-2022-1660757175","summary":"Fixed 15 CVEs in expat","details":"- CVE-2022-25236: Fix insertion of namespace-separator characters into\n  namespace URIs\n- CVE-2022-25235: Fix handling of malformed UTF-8 sequences, which can lead to\n  arbitrary code execution\n- CVE-2022-25315: Fix integer overflow in storeRawNames()\n- CVE-2022-22822: Fix integer overflow in addBinding()\n- CVE-2022-22823: Fix integer overflow in build_model()\n- CVE-2022-22824: Fix integer overflow in defineAttribute()\n- CVE-2022-22825: Fix integer overflow in lookup()\n- CVE-2022-22826: Fix integer overflow in nextScaffoldPart()\n- CVE-2022-22827: Fix integer overflow in storeAtts()\n- CVE-2022-23852: Fix integer overflow in XML_GetBuffer()\n- CVE-2021-46143: Fix integer overflow on m_groupSize in doProlog()\n- CVE-2021-45960: Fix troublesome left shifts in storeAtts()\n- CVE-2022-23990: Fix integer overflow in doProlog()\n- CVE-2022-25313: Fix stack exhaustion in build_model()\n- CVE-2022-25314: Fix integer overflow in copyString()","modified":"2026-05-27T11:35:25.564134067Z","published":"2022-08-17T17:26:15Z","upstream":["CVE-2021-45960","CVE-2021-46143","CVE-2022-22822","CVE-2022-22823","CVE-2022-22824","CVE-2022-22825","CVE-2022-22826","CVE-2022-22827","CVE-2022-23852","CVE-2022-23990","CVE-2022-25235","CVE-2022-25236","CVE-2022-25313","CVE-2022-25314","CVE-2022-25315"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/centos8.4-els/CLSA-2022-1660757175.html"}],"affected":[{"package":{"name":"expat","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/expat?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-4.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1660757175.json"}},{"package":{"name":"expat-devel","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/expat-devel?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-4.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1660757175.json"}},{"package":{"name":"expat-static","ecosystem":"TuxCare:CentOS:8.4","purl":"pkg:rpm/tuxcare/expat-static?distro=centos-8.4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.5-4.el8.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos8.4els/CLSA-2022-1660757175.json"}}],"schema_version":"1.7.5"}