9.8

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libexpat ProjectLibexpat Version < 2.4.5
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
FedoraprojectFedora Version34
FedoraprojectFedora Version35
OracleHTTP Server Version12.2.1.3.0
OracleHTTP Server Version12.2.1.4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.96% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-116 Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Third Party Advisory
https://security.gentoo.org/glsa/202209-24
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2022/02/19/1
Third Party Advisory
Mailing List
https://github.com/libexpat/libexpat/pull/562
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
https://security.netapp.com/advisory/ntap-20220303-0008/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5085
Third Party Advisory