Updated: 2024-05-15 00:20:14.790737
Description:
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2022:1667493762 | 2022-11-17 13:21:57 |
CentOS 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Released | CLSA-2023:1696877712 | 2023-10-09 17:08:40 |
CentOS 8.4 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2022:1667494718 | 2022-11-03 13:04:37 |
CentOS 8.5 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2022:1667495485 | 2022-11-03 14:02:39 |
CloudLinux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2022:1667496325 | 2022-11-17 13:21:57 |
Oracle Linux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2022:1667412057 | 2022-11-02 14:02:37 |
Ubuntu 16.04 ELS | expat | 2.1.0 | 7.5 | HIGH | Released | CLSA-2022:1667412749 | 2022-11-02 17:02:43 |
Ubuntu 18.04 ELS | expat | 2.2.5-3 | 7.5 | HIGH | Already Fixed | | 2023-06-02 09:09:52 |