vulnerability
Amazon Linux 2023: CVE-2022-25315: Critical priority package update for expat
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 19, 2022 | Feb 17, 2025 | Jul 9, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 19, 2022
Added
Feb 17, 2025
Modified
Jul 9, 2025
Description
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.
An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.
Solution(s)
amazon-linux-2023-upgrade-expatamazon-linux-2023-upgrade-expat-debuginfoamazon-linux-2023-upgrade-expat-debugsourceamazon-linux-2023-upgrade-expat-develamazon-linux-2023-upgrade-expat-static
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.