CVE-2022-25236

Updated: 2026-02-27 01:52:20.180311

Description:

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

                  Severity  Score
CVSS Version 2.x  HIGH      7.5
CVSS Version 3.x  CRITICAL  9.8

Status

OS name             Project name  Version  Score  Severity  Status         Errata                Last updated         Statement
CentOS 6 ELS        expat         2.0.1    9.8    CRITICAL  Released       CLSA-2022:1660762248  2022-08-29 14:02:38
CentOS 7 ELS        expat         2.1.0    9.8    CRITICAL  Already Fixed                        2023-09-19 09:30:31
CentOS 8.4 ELS      expat         2.2.5    9.8    CRITICAL  Released       CLSA-2022:1660757175  2022-08-17 14:02:32
CentOS 8.5 ELS      expat         2.2.5    9.8    CRITICAL  Released       CLSA-2022:1660758476  2022-08-17 14:02:32
CloudLinux 6 ELS    expat         2.0.1    9.8    CRITICAL  Released       CLSA-2022:1660820620  2022-08-29 11:02:37
Debian 10 ELS       expat         2.2.6    9.8    CRITICAL  Already Fixed                        2025-10-15 20:19:11
Oracle Linux 6 ELS  expat         2.0.1    9.8    CRITICAL  Released       CLSA-2022:1660759632  2022-08-17 17:02:27
Ubuntu 16.04 ELS    expat         2.1.0    9.8    CRITICAL  Released       CLSA-2022:1660760528  2022-08-17 17:02:27
Ubuntu 18.04 ELS    expat         2.2.5-3  9.8    CRITICAL  Already Fixed                        2023-05-29 08:56:52