CVE-2022-43680

Updated: 2024-05-15 00:20:14.790737

Description:

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2022:1667493762 | 2022-11-17 13:21:57 |
| CentOS 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Released | CLSA-2023:1696877712 | 2023-10-09 17:08:40 |
| CentOS 8.4 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2022:1667494718 | 2022-11-03 13:04:37 |
| CentOS 8.5 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2022:1667495485 | 2022-11-03 14:02:39 |
| CloudLinux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2022:1667496325 | 2022-11-17 13:21:57 |
| Oracle Linux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2022:1667412057 | 2022-11-02 14:02:37 |
| Ubuntu 16.04 ELS | expat | 2.1.0 | 7.5 | HIGH | Released | CLSA-2022:1667412749 | 2022-11-02 17:02:43 |
| Ubuntu 18.04 ELS | expat | 2.2.5-3 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:09:52 |