Home

CVE-2022-25314

Description

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.365

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Nessus 8.15.5Windows
Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.2.0.20130)Windows
Multiple vulnerabilities are fixed in Nessus Agent (10.2.0.20130)Windows
Multiple vulnerabilities are fixed in Tenable Nessus 8.15.5Windows
Multiple vulnerabilities are fixed in Tenable Nessus 10.2.0Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0.7Windows
Vulnerabilities CVE-2022-25314 are affected in Expat XML Parser 2.4.3Windows
expat security update(DSA-5085-1) expat_2.2.6-2+deb10u3_i386.debLinux
expat security update(DSA-5085-1) expat_2.2.6-2+deb10u3_amd64.debLinux
expat security update(DSA-5085-1) expat_2.2.10-2+deb11u2_amd64.debLinux
XML parsing C library (USN-5320-1) libexpat1_2.2.5-3ubuntu0.7_i386.debLinux
XML parsing C library (USN-5320-1) libexpat1_2.2.5-3ubuntu0.7_amd64.debLinux
XML parsing C library (USN-5320-1) libexpat1_2.2.9-1ubuntu0.4_i386.debLinux
XML parsing C library (USN-5320-1) libexpat1_2.2.9-1ubuntu0.4_amd64.debLinux
XML parsing C library (USN-5320-1) libexpat1_2.4.1-2ubuntu0.3_i386.debLinux
XML parsing C library (USN-5320-1) libexpat1_2.4.1-2ubuntu0.3_amd64.debLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-2.1.0-21.18.1.x86_64.rpmLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-2.1.0-21.18.1.x86_64.rpmLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-32bit-2.1.0-21.18.1.x86_64.rpmLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debugsource-2.1.0-21.18.1.x86_64.rpmLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-2.1.0-21.18.1.x86_64.rpmLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-32bit-2.1.0-21.18.1.x86_64.rpmLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-2.1.0-21.18.1.x86_64.rpmLinux
SUSE-SU-2022:0698-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-32bit-2.1.0-21.18.1.x86_64.rpmLinux
(RHSA-2022:5314) expat security update expat-2.2.5-8.el8_6.2.i686.rpmLinux
(RHSA-2022:5314) expat security update expat-2.2.5-8.el8_6.2.x86_64.rpmLinux
(RHSA-2022:5314) expat security update expat-debugsource-2.2.5-8.el8_6.2.i686.rpmLinux
(RHSA-2022:5314) expat security update expat-debugsource-2.2.5-8.el8_6.2.x86_64.rpmLinux
(RHSA-2022:5314) expat security update expat-devel-2.2.5-8.el8_6.2.i686.rpmLinux
(RHSA-2022:5314) expat security update expat-devel-2.2.5-8.el8_6.2.x86_64.rpmLinux
Expat update (ELSA-2022-5314) expat-2.2.5-8.0.1.el8_6.2.i686.rpmLinux
Expat update (ELSA-2022-5314) expat-2.2.5-8.0.1.el8_6.2.x86_64.rpmLinux
Expat-devel update (ELSA-2022-5314) expat-devel-2.2.5-8.0.1.el8_6.2.i686.rpmLinux
Expat-devel update (ELSA-2022-5314) expat-devel-2.2.5-8.0.1.el8_6.2.x86_64.rpmLinux
Expat update (ELSA-2022-5244) expat-2.2.10-12.el9_0.2.i686.rpmLinux
Expat update (ELSA-2022-5244) expat-2.2.10-12.el9_0.2.x86_64.rpmLinux
Expat-devel update (ELSA-2022-5244) expat-devel-2.2.10-12.el9_0.2.i686.rpmLinux
Expat-devel update (ELSA-2022-5244) expat-devel-2.2.10-12.el9_0.2.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
expat Security Update (ALAS2023-2023-058) expat-2.5.0-1.amzn2023.0.2.x86_64.rpmLinux
expat Security Update (ALAS2023-2023-058) expat-devel-2.5.0-1.amzn2023.0.2.x86_64.rpmLinux
expat Security Update (ALAS2023-2023-058) expat-static-2.5.0-1.amzn2023.0.2.x86_64.rpmLinux
Integer Overflow or Wraparound Vulnerability (CVE-2022-25314)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-346982Nessus Agent (x64) (10.8.4) (Manual Upload Required)
PATCH-346981Nessus Agent (10.8.4) (Manual Upload Required)
PATCH-351818Expat XML Parser (2.7.3)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234