Oracle Linux: CVE-2022-25315: ELSA-2022-0850: thunderbird security update (IMPORTANT) (Multiple Advisories)

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: Feb 19, 2022
Added: Mar 11, 2022
Modified: Jan 7, 2025

Description

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.

Solution(s)

oracle-linux-upgrade-expat
oracle-linux-upgrade-expat-devel
oracle-linux-upgrade-expat-static
oracle-linux-upgrade-firefox
oracle-linux-upgrade-thunderbird