Vulnerability CVE-2022-43680: Information
Description
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| expat | sisyphus | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2022-2958-1 | 309227 | Fixed |
| expat | sisyphus_e2k | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2022-6836-1 | - | Fixed |
| expat | sisyphus_riscv64 | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2022-6844-1 | - | Fixed |
| expat | p10 | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2023-4144-2 | 324220 | Fixed |
| expat | p10_e2k | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2023-5082-1 | - | Fixed |
| expat | c10f1 | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2023-4120-1 | 324221 | Fixed |
| expat | c9f2 | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2023-4107-2 | 324219 | Fixed |
| expat | p11 | 2.5.0-alt1 | 2.5.0-alt1 | ALT-PU-2022-2958-1 | 309227 | Fixed |
| poco | sisyphus | 1.12.4-alt1 | 1.12.5p1-alt1 | ALT-PU-2022-2969-1 | 309335 | Fixed |
| poco | sisyphus_e2k | 1.12.4-alt1.1 | 1.12.4-alt2 | ALT-PU-2022-7317-1 | - | Fixed |
| poco | p10 | 1.12.4-alt2 | 1.12.4-alt2 | ALT-PU-2022-3329-1 | 311320 | Fixed |
| poco | p10_e2k | 1.12.4-alt2 | 1.12.4-alt2 | ALT-PU-2022-7414-1 | - | Fixed |
| poco | c10f1 | 1.12.4-alt2 | 1.12.4-alt2 | ALT-PU-2022-3329-1 | 311320 | Fixed |
| poco | p11 | 1.12.4-alt1 | 1.12.5p1-alt1 | ALT-PU-2022-2969-1 | 309335 | Fixed |