{"id":"MGASA-2022-0031","summary":"Updated expat packages fix security vulnerability","details":"In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places\nin the storeAtts function in xmlparse.c can lead to realloc misbehavior\n(e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)\n\nIn doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer\noverflow exists for m_groupSize. (CVE-2021-46143)\n\naddBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22822)\n\nbuild_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22823)\n\ndefineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22824)\n\nlookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer\noverflow. (CVE-2022-22825)\n\nnextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22826)\n\nstoreAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22827)\n","modified":"2026-04-16T00:09:13.145313238Z","published":"2022-01-25T12:13:11Z","upstream":["CVE-2021-45960","CVE-2021-46143","CVE-2022-22822","CVE-2022-22823","CVE-2022-22824","CVE-2022-22825","CVE-2022-22826","CVE-2022-22827"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0031.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29902"},{"type":"WEB","url":"https://blog.hartwork.org/posts/expat-2-4-3-released/"},{"type":"WEB","url":"https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes"}],"affected":[{"package":{"name":"expat","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/expat?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.10-1.1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0031.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}