CVE-2022-23990

Description

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 3.519

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.2 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.11 | Windows |
| Multiple vulnerabilities are fixed in Nessus 8.15.5 | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.2.0.20130) | Windows |
| Multiple vulnerabilities are fixed in Nessus Agent (10.2.0.20130) | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 8.15.5 | Windows |
| Multiple vulnerabilities are fixed in Tenable Nessus 10.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0.7 | Windows |
| expat security update(DSA-5073-1) expat_2.2.6-2+deb10u2_amd64.deb | Linux |
| expat security update(DSA-5073-1) expat_2.2.6-2+deb10u2_i386.deb | Linux |
| expat security update(DSA-5073-1) Debian_expat_2.2.6-2+deb10u2_amd64.deb | Linux |
| expat security update(DSA-5073-1) expat_2.2.10-2+deb11u1_amd64.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.5-3ubuntu0.7_i386.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.5-3ubuntu0.7_amd64.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.9-1ubuntu0.4_i386.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.9-1ubuntu0.4_amd64.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.4.1-2ubuntu0.3_i386.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.4.1-2ubuntu0.3_amd64.deb | Linux |
| Expat update (ELSA-2022-9227) expat-2.1.0-12.0.1.el7.i686.rpm | Linux |
| Expat update (ELSA-2022-9227) expat-2.1.0-12.0.1.el7.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2022-9227) expat-devel-2.1.0-12.0.1.el7.i686.rpm | Linux |
| Expat-devel update (ELSA-2022-9227) expat-devel-2.1.0-12.0.1.el7.x86_64.rpm | Linux |
| Expat-static update (ELSA-2022-9227) expat-static-2.1.0-12.0.1.el7.i686.rpm | Linux |
| Expat-static update (ELSA-2022-9227) expat-static-2.1.0-12.0.1.el7.x86_64.rpm | Linux |
| Expat update (ELSA-2022-9232) expat-2.2.5-4.0.1.el8_5.3.i686.rpm | Linux |
| Expat update (ELSA-2022-9232) expat-2.2.5-4.0.1.el8_5.3.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2022-9232) expat-devel-2.2.5-4.0.1.el8_5.3.i686.rpm | Linux |
| Expat-devel update (ELSA-2022-9232) expat-devel-2.2.5-4.0.1.el8_5.3.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) expat-2.1.0-21.15.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-2.1.0-21.15.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-32bit-2.1.0-21.15.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debugsource-2.1.0-21.15.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-2.1.0-21.15.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-32bit-2.1.0-21.15.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-2.1.0-21.15.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0495-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-32bit-2.1.0-21.15.1.x86_64.rpm | Linux |
| Expat update (ELSA-2022-1069) expat-2.1.0-14.0.1.el7_9.i686.rpm | Linux |
| Expat update (ELSA-2022-1069) expat-2.1.0-14.0.1.el7_9.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2022-1069) expat-devel-2.1.0-14.0.1.el7_9.i686.rpm | Linux |
| Expat-devel update (ELSA-2022-1069) expat-devel-2.1.0-14.0.1.el7_9.x86_64.rpm | Linux |
| Expat-static update (ELSA-2022-1069) expat-static-2.1.0-14.0.1.el7_9.i686.rpm | Linux |
| Expat-static update (ELSA-2022-1069) expat-static-2.1.0-14.0.1.el7_9.x86_64.rpm | Linux |
| Expat update (ELSA-2022-5314) expat-2.2.5-8.0.1.el8_6.2.i686.rpm | Linux |
| Expat update (ELSA-2022-5314) expat-2.2.5-8.0.1.el8_6.2.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2022-5314) expat-devel-2.2.5-8.0.1.el8_6.2.i686.rpm | Linux |
| Expat-devel update (ELSA-2022-5314) expat-devel-2.2.5-8.0.1.el8_6.2.x86_64.rpm | Linux |
| Expat update (ELSA-2022-6834) expat-2.1.0-15.0.1.el7_9.i686.rpm | Linux |
| Expat update (ELSA-2022-6834) expat-2.1.0-15.0.1.el7_9.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2022-6834) expat-devel-2.1.0-15.0.1.el7_9.i686.rpm | Linux |
| Expat-devel update (ELSA-2022-6834) expat-devel-2.1.0-15.0.1.el7_9.x86_64.rpm | Linux |
| Expat-static update (ELSA-2022-6834) expat-static-2.1.0-15.0.1.el7_9.i686.rpm | Linux |
| Expat-static update (ELSA-2022-6834) expat-static-2.1.0-15.0.1.el7_9.x86_64.rpm | Linux |
| Expat update (ELSA-2023-0103) expat-2.2.5-10.0.1.el8_7.1.i686.rpm | Linux |
| Expat update (ELSA-2023-0103) expat-2.2.5-10.0.1.el8_7.1.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2023-0103) expat-devel-2.2.5-10.0.1.el8_7.1.i686.rpm | Linux |
| Expat-devel update (ELSA-2023-0103) expat-devel-2.2.5-10.0.1.el8_7.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux |
| Expat update (ELSA-2024-1615) expat-2.2.5-11.0.1.el8_9.1.i686.rpm | Linux |
| Expat update (ELSA-2024-1615) expat-2.2.5-11.0.1.el8_9.1.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2024-1615) expat-devel-2.2.5-11.0.1.el8_9.1.i686.rpm | Linux |
| Expat-devel update (ELSA-2024-1615) expat-devel-2.2.5-11.0.1.el8_9.1.x86_64.rpm | Linux |
| expat Security Update (ALAS-2023-2280) expat-2.1.0-15.amzn2.0.3.i686.rpm | Linux |
| expat Security Update (ALAS-2023-2280) expat-2.1.0-15.amzn2.0.3.x86_64.rpm | Linux |
| expat Security Update (ALAS-2023-2280) expat-devel-2.1.0-15.amzn2.0.3.x86_64.rpm | Linux |
| expat Security Update (ALAS-2023-2280) expat-static-2.1.0-15.amzn2.0.3.x86_64.rpm | Linux |
| Expat update (ELSA-2024-6989) expat-2.2.5-15.0.1.el8_10.i686.rpm | Linux |
| Expat update (ELSA-2024-6989) expat-2.2.5-15.0.1.el8_10.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2024-6989) expat-devel-2.2.5-15.0.1.el8_10.i686.rpm | Linux |
| Expat-devel update (ELSA-2024-6989) expat-devel-2.2.5-15.0.1.el8_10.x86_64.rpm | Linux |
| Expat update (ELSA-2024-9502) expat-2.2.5-16.0.1.el8_10.i686.rpm | Linux |
| Expat-devel update (ELSA-2024-9502) expat-devel-2.2.5-16.0.1.el8_10.i686.rpm | Linux |
| Expat-devel update (ELSA-2024-9502) expat-devel-2.2.5-16.0.1.el8_10.x86_64.rpm | Linux |
| Expat update (ELSA-2024-9502) expat-2.2.5-16.0.1.el8_10.x86_64.rpm | Linux |
| Expat update (ELSA-2025-3913) expat-2.2.5-17.0.1.el8_10.i686.rpm | Linux |
| Expat update (ELSA-2025-3913) expat-2.2.5-17.0.1.el8_10.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2025-3913) expat-devel-2.2.5-17.0.1.el8_10.i686.rpm | Linux |
| Expat-devel update (ELSA-2025-3913) expat-devel-2.2.5-17.0.1.el8_10.x86_64.rpm | Linux |
| expat Security Update (ALAS2023-2023-058) expat-2.5.0-1.amzn2023.0.2.x86_64.rpm | Linux |
| expat Security Update (ALAS2023-2023-058) expat-devel-2.5.0-1.amzn2023.0.2.x86_64.rpm | Linux |
| expat Security Update (ALAS2023-2023-058) expat-static-2.5.0-1.amzn2023.0.2.x86_64.rpm | Linux |
| Integer Overflow or Wraparound Vulnerability (CVE-2022-23990) | NCM |

Patch Details

Patches provided by ManageEngine for this CVE:

| Patch ID | Patch Description |
| --- | --- |
| PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required) |
| PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required) |

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234