CVE-2022-22827 - OpenCVE

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Tenable	Nessus
Libexpat Project	Libexpat
Siemens	Sinema Remote Connect Server

Configuration 1 [-]

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:tenable:nessus::::::::
	cpe:2.3:a:tenable:nessus::::::::

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 [-]

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/01/17/3	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Third Party Advisory
https://github.com/libexpat/libexpat/pull/539	Third Party Advisory
https://security.gentoo.org/glsa/202209-24	Third Party Advisory
https://www.debian.org/security/2022/dsa-5073	Third Party Advisory
https://www.tenable.com/security/tns-2022-05	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-08T02:56:30

Updated: 2022-09-29T16:07:18

Reserved: 2022-01-08T00:00:00

Link: CVE-2022-22827

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-10T14:12:57.363

Modified: 2022-10-06T12:52:17.230

Link: CVE-2022-22827

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-29T16:07:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/pull/539"}, {"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2022-05"}, {"name": "DSA-5073", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5073"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"name": "GLSA-202209-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202209-24"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-22827", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/libexpat/libexpat/pull/539", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/pull/539"}, {"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"}, {"name": "https://www.tenable.com/security/tns-2022-05", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2022-05"}, {"name": "DSA-5073", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5073"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"name": "GLSA-202209-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-24"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-22827", "datePublished": "2022-01-08T02:56:30", "dateReserved": "2022-01-08T00:00:00", "dateUpdated": "2022-09-29T16:07:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A2FBF20-7B2C-49FF-83F8-1EF903078751", "versionEndExcluding": "2.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "C42F5145-1F37-40E2-AD83-495F7012BC3D", "versionEndExcluding": "8.15.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "112367D4-EF51-4050-834C-7E887A5C52D9", "versionEndExcluding": "10.1.1", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow."}, {"lang": "es", "value": "la funci\u00f3n storeAtts en el archivo xmlparse.c en Expat (tambi\u00e9n se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros"}], "id": "CVE-2022-22827", "lastModified": "2022-10-06T12:52:17.230", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-10T14:12:57.363", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/pull/539"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-24"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5073"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2022-05"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}