Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Related bugs and status

CVE-2022-25236 (Candidate) is related to these bugs:

Bug #1963903: expat relax fix for CVE-2022-25236 and possible regressions

Summary				In	Importance	Status
	1963903	expat relax fix for CVE-2022-25236 and possible regressions		expat (Ubuntu)	Undecided	Fix Released

Bug #1969362: CVE-2021-45960 / CVE-2022-22822 / CVE-2022-22823 / CVE-2022-22824 / CVE-2022-23852 / CVE-2022-25235 / CVE-2022-25236 / CVE-2022-25315: expat multiple CVEs

Summary				In	Importance	Status
	1969362	CVE-2021-45960 / CVE-2022-22822 / CVE-2022-22823 / CVE-2022-22824 / CVE-2022-23852 / CVE-2022-25235 / CVE-2022-25236 / CVE-2022-25315: expat multiple CVEs		StarlingX	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/lib...
MLIST: [oss-security] 2022021...
DEBIAN: DSA-5085
FEDORA: FEDORA-2022-04f206996b
FEDORA: FEDORA-2022-3d9d67f558
CONFIRM: https://security.netap...
MLIST: [debian-lts-announce] ...
MISC: https://www.oracle.com...
MISC: http://packetstormsecu...
CONFIRM: https://cert-portal.si...
GENTOO: GLSA-202209-24