ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for PHP
- CVEs
- Releases
- Projects
- Documentation
ELS for Python
- CVEs
- Releases
- Projects
- Documentation
ELS for Dotnet
- CVEs
- Releases
- Projects
- Documentation
ELS for Node.js
- CVEs
- Releases
- Projects
- Documentation

CVE-2022-23852

Updated: 2026-02-27 02:20:51.604236

Description:

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x	HIGH	7.5
CVSS Version 3.x	CRITICAL	9.8

Status

OS name	Project name	Version	Score	Severity	Status	Errata	Last updated	Statement
CentOS 6 ELS	expat	2.0.1	9.8	CRITICAL	Released	CLSA-2022:1660762248	2022-08-29 14:02:27
CentOS 7 ELS	expat	2.1.0	9.8	CRITICAL	Already Fixed		2023-09-19 09:30:32
CentOS 8.4 ELS	expat	2.2.5	9.8	CRITICAL	Released	CLSA-2022:1660757175	2022-08-17 14:02:23
CentOS 8.5 ELS	expat	2.2.5	9.8	CRITICAL	Released	CLSA-2022:1660758476	2022-08-17 14:02:23
CloudLinux 6 ELS	expat	2.0.1	9.8	CRITICAL	Released	CLSA-2022:1660820620	2022-08-29 11:02:29
Debian 10 ELS	expat	2.2.6	9.8	CRITICAL	Already Fixed		2025-10-15 20:18:54
Oracle Linux 6 ELS	expat	2.0.1	9.8	CRITICAL	Released	CLSA-2022:1660759632	2022-08-17 17:02:13
Ubuntu 16.04 ELS	expat	2.1.0	9.8	CRITICAL	Released	CLSA-2022:1660760528	2022-08-17 17:02:14
Ubuntu 18.04 ELS	expat	2.2.5-3	9.8	CRITICAL	Already Fixed		2023-04-28 08:48:29