vulnerability
Oracle Linux: CVE-2022-22826: ELSA-2022-0951: expat security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jan 15, 2022 | Mar 17, 2022 | Dec 3, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jan 15, 2022
Added
Mar 17, 2022
Modified
Dec 3, 2025
Description
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.
Solutions
oracle-linux-upgrade-expatoracle-linux-upgrade-expat-develoracle-linux-upgrade-expat-staticoracle-linux-upgrade-xmlrpc-coracle-linux-upgrade-xmlrpc-c-coracle-linux-upgrade-xmlrpc-c-clientoracle-linux-upgrade-xmlrpc-c-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.