VAR-202201-0468
Vulnerability from variot - Updated: 2026-03-09 19:58build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability stems from a boundary error in the build_model in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202209-24
https://security.gentoo.org/
Severity: High Title: Expat: Multiple Vulnerabilities Date: September 29, 2022 Bugs: #791703, #830422, #831918, #833431, #870097 ID: 202209-24
Synopsis
Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/expat < 2.4.9 >= 2.4.9
Description
Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Expat users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">\xdev-libs/expat-2.4.9"
References
[ 1 ] CVE-2021-45960 https://nvd.nist.gov/vuln/detail/CVE-2021-45960 [ 2 ] CVE-2021-46143 https://nvd.nist.gov/vuln/detail/CVE-2021-46143 [ 3 ] CVE-2022-22822 https://nvd.nist.gov/vuln/detail/CVE-2022-22822 [ 4 ] CVE-2022-22823 https://nvd.nist.gov/vuln/detail/CVE-2022-22823 [ 5 ] CVE-2022-22824 https://nvd.nist.gov/vuln/detail/CVE-2022-22824 [ 6 ] CVE-2022-22825 https://nvd.nist.gov/vuln/detail/CVE-2022-22825 [ 7 ] CVE-2022-22826 https://nvd.nist.gov/vuln/detail/CVE-2022-22826 [ 8 ] CVE-2022-22827 https://nvd.nist.gov/vuln/detail/CVE-2022-22827 [ 9 ] CVE-2022-23852 https://nvd.nist.gov/vuln/detail/CVE-2022-23852 [ 10 ] CVE-2022-23990 https://nvd.nist.gov/vuln/detail/CVE-2022-23990 [ 11 ] CVE-2022-25235 https://nvd.nist.gov/vuln/detail/CVE-2022-25235 [ 12 ] CVE-2022-25236 https://nvd.nist.gov/vuln/detail/CVE-2022-25236 [ 13 ] CVE-2022-25313 https://nvd.nist.gov/vuln/detail/CVE-2022-25313 [ 14 ] CVE-2022-25314 https://nvd.nist.gov/vuln/detail/CVE-2022-25314 [ 15 ] CVE-2022-25315 https://nvd.nist.gov/vuln/detail/CVE-2022-25315 [ 16 ] CVE-2022-40674 https://nvd.nist.gov/vuln/detail/CVE-2022-40674
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-24
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the oldstable distribution (buster), these problems have been fixed in version 2.2.6-2+deb10u2.
For the stable distribution (bullseye), these problems have been fixed in version 2.2.10-2+deb11u1.
We recommend that you upgrade your expat packages.
For the detailed security status of expat please refer to its security tracker page at: https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi /RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ zBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe YhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x g/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC XV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF 1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl ht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6 ut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn AQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B QS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM= =hLGY -----END PGP SIGNATURE----- . Description:
Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.
Security Fix(es):
-
Openshift-Gitops: Improper access control allows admin privilege escalation (CVE-2022-1025)
-
argocd: path traversal and improper access control allows leaking out-of-bound files (CVE-2022-24730)
-
argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: expat security update Advisory ID: RHSA-2022:0951-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0951 Issue date: 2022-03-16 CVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-25235 CVE-2022-25236 CVE-2022-25315 ==================================================================== 1. Summary:
An update for expat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
Expat is a C library for parsing XML documents.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, applications using the Expat library must be restarted for the update to take effect.
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: expat-2.2.5-4.el8_5.3.src.rpm
aarch64: expat-2.2.5-4.el8_5.3.aarch64.rpm expat-debuginfo-2.2.5-4.el8_5.3.aarch64.rpm expat-debugsource-2.2.5-4.el8_5.3.aarch64.rpm expat-devel-2.2.5-4.el8_5.3.aarch64.rpm
ppc64le: expat-2.2.5-4.el8_5.3.ppc64le.rpm expat-debuginfo-2.2.5-4.el8_5.3.ppc64le.rpm expat-debugsource-2.2.5-4.el8_5.3.ppc64le.rpm expat-devel-2.2.5-4.el8_5.3.ppc64le.rpm
s390x: expat-2.2.5-4.el8_5.3.s390x.rpm expat-debuginfo-2.2.5-4.el8_5.3.s390x.rpm expat-debugsource-2.2.5-4.el8_5.3.s390x.rpm expat-devel-2.2.5-4.el8_5.3.s390x.rpm
x86_64: expat-2.2.5-4.el8_5.3.i686.rpm expat-2.2.5-4.el8_5.3.x86_64.rpm expat-debuginfo-2.2.5-4.el8_5.3.i686.rpm expat-debuginfo-2.2.5-4.el8_5.3.x86_64.rpm expat-debugsource-2.2.5-4.el8_5.3.i686.rpm expat-debugsource-2.2.5-4.el8_5.3.x86_64.rpm expat-devel-2.2.5-4.el8_5.3.i686.rpm expat-devel-2.2.5-4.el8_5.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 https://access.redhat.com/security/cve/CVE-2022-22826 https://access.redhat.com/security/cve/CVE-2022-22827 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/cve/CVE-2022-25236 https://access.redhat.com/security/cve/CVE-2022-25315 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYjJSC9zjgjWX9erEAQjISQ//Z+1p1XtGbQuztV4zY/1wBgBQdBeuCxu0 2kj+fV9+PiZe32zRwBrYz1S0kAZZFq1Laz0ulO6w5GE4B2b/jXnj38FfzJN/cdtO gomEzjPT80Ie16/H8hSCutchWvsKb3J6WhkCcPn1AP5FxNpSJMUuVWN80wTk33Ap 9aPOcL296tzSRlsHxnnIh6qBebPMLeVSBIud3pCOeRAlkuM/tJ+CEZvfLeyS1zjw QltPlnCHM5xk/gRAsaPILOAAPRp4MI5pJNhMx1PPKs2JfCASoKSakonvZ8S6BwLJ qqgp/5bQCRXVIzmOZmWhiZDYB0f3QDOVOso9yOLFanJDeHSow8sBGHOIS/cVPttv 7tlsKYuQAOMku9JhyIQh3QkcGlBOqAYoLxafwzC9mtF+OITHl2zmzeHSYkvVZHj7 l43rcTC8YaFyknJA23H4n/RaqrU7TP4T9pAVo+eltQy07w8/peg8nK3O1N5PVxHx u+NMbGcr54B/K3wTAiHPxZb1mi9bfzu0vsJLuQC4yQuvLFXhtawvrKZCMPqj93JH e1d4Y/AF+2dNWkaK9JSQiD/WfGtLzsOk7Jq63ksIfbAMwY+Djf+pXV4GkTg9eSCe bbSuqmeCY59ydrM/bBNpxaxaIr9FhmE8Uqyt1D7RgT4cKG60CRSV9zxzLDYOhSTM 6/RZ7AnnaPU=lQEd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "libexpat",
"scope": "lt",
"trust": 1.0,
"vendor": "libexpat",
"version": "2.4.3"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "nessus",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "10.1.1"
},
{
"_id": null,
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"_id": null,
"model": "nessus",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "8.15.3"
},
{
"_id": null,
"model": "nessus",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "10.0.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22823"
}
]
},
"credits": {
"_id": null,
"data": "Siemens notified CISA of these vulnerabilities.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-637"
}
],
"trust": 0.6
},
"cve": "CVE-2022-22823",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2022-22823",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-411549",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-22823",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-22823",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-22823",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202201-637",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-411549",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-22823",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411549"
},
{
"db": "VULMON",
"id": "CVE-2022-22823"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-637"
},
{
"db": "NVD",
"id": "CVE-2022-22823"
},
{
"db": "NVD",
"id": "CVE-2022-22823"
}
]
},
"description": {
"_id": null,
"data": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. The vulnerability stems from a boundary error in the build_model in xmlparse.c when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202209-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Expat: Multiple Vulnerabilities\n Date: September 29, 2022\n Bugs: #791703, #830422, #831918, #833431, #870097\n ID: 202209-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Expat, the worst of\nwhich could result in arbitrary code execution. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-libs/expat \u003c 2.4.9 \u003e= 2.4.9\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Expat. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Expat users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e\\xdev-libs/expat-2.4.9\"\n\nReferences\n=========\n[ 1 ] CVE-2021-45960\n https://nvd.nist.gov/vuln/detail/CVE-2021-45960\n[ 2 ] CVE-2021-46143\n https://nvd.nist.gov/vuln/detail/CVE-2021-46143\n[ 3 ] CVE-2022-22822\n https://nvd.nist.gov/vuln/detail/CVE-2022-22822\n[ 4 ] CVE-2022-22823\n https://nvd.nist.gov/vuln/detail/CVE-2022-22823\n[ 5 ] CVE-2022-22824\n https://nvd.nist.gov/vuln/detail/CVE-2022-22824\n[ 6 ] CVE-2022-22825\n https://nvd.nist.gov/vuln/detail/CVE-2022-22825\n[ 7 ] CVE-2022-22826\n https://nvd.nist.gov/vuln/detail/CVE-2022-22826\n[ 8 ] CVE-2022-22827\n https://nvd.nist.gov/vuln/detail/CVE-2022-22827\n[ 9 ] CVE-2022-23852\n https://nvd.nist.gov/vuln/detail/CVE-2022-23852\n[ 10 ] CVE-2022-23990\n https://nvd.nist.gov/vuln/detail/CVE-2022-23990\n[ 11 ] CVE-2022-25235\n https://nvd.nist.gov/vuln/detail/CVE-2022-25235\n[ 12 ] CVE-2022-25236\n https://nvd.nist.gov/vuln/detail/CVE-2022-25236\n[ 13 ] CVE-2022-25313\n https://nvd.nist.gov/vuln/detail/CVE-2022-25313\n[ 14 ] CVE-2022-25314\n https://nvd.nist.gov/vuln/detail/CVE-2022-25314\n[ 15 ] CVE-2022-25315\n https://nvd.nist.gov/vuln/detail/CVE-2022-25315\n[ 16 ] CVE-2022-40674\n https://nvd.nist.gov/vuln/detail/CVE-2022-40674\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202209-24\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.2.6-2+deb10u2. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.2.10-2+deb11u1. \n\nWe recommend that you upgrade your expat packages. \n\nFor the detailed security status of expat please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/expat\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmIHtfRfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5Uw/8Cx7ErfU/j1OgJxyfoRH3/Rz5YNCRzmEzjg7Uh8ZuJl6WfkcvcKvYlCoi\n/RtUOzYfk2Zg7NHXE86TWOWtbxU1n16n22XwhpbLHAIPuw1GhvwDG6Ctt8U3YAaJ\nzBReZvw3NSxWJdOD7rTJlAtlQcFpHSUJd2jWjcggZCfySduYMKwLYNzt5+eruwpe\nYhPKDdZH/MUMe0zOV43qfyYTeP7bqCbpnyhZXk8cNC39SzrJnXwovn7eKmFFCW5x\ng/ptvOIBJVzh3LxemMyWF4qomQ1rRxGWbkXx46cUQ7alyTcExMnIwBfpzJYCpAKC\nXV9FvhGS0sfug9NelY9+xpQAvrfCYToHW5niA6OzPuP/Lf7AAWinmGNpxTlYWQcF\n1ZxOEQbv8XGikfM74pEsSjIkFwjkLQEFfETaImsvonZf6A3IIhLqkSBsS+j7LNcl\nht3uMiJIXkn+iJyDYcCaB0PhgPAqBVk/wk9X01sygzMNrFrYfcX8CeALq5uaZkl6\nut1wYIirLFRKIhuHdGsmt/NKyFIJTzfmaL2W0nvAdLFVxPZQwIzaGxUALo04O+Zn\nAQj2/JbsAiO2p/N5CXEwtyBNzmJNqlzPlcZ+42uuo/nvsscw2QAL+Yk88XZKwx1B\nQS4zjj7Lf38+ATT5CFR8m8MTjlv4pUVnYABjx+8LX3pDS3QH4mM=\n=hLGY\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat Openshift GitOps is a declarative way to implement continuous\ndeployment for cloud native applications. \n\nSecurity Fix(es):\n\n* Openshift-Gitops: Improper access control allows admin privilege\nescalation\n(CVE-2022-1025)\n\n* argocd: path traversal and improper access control allows leaking\nout-of-bound\nfiles (CVE-2022-24730)\n\n* argocd: path traversal allows leaking out-of-bound files (CVE-2022-24731)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files\n2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files\n2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: expat security update\nAdvisory ID: RHSA-2022:0951-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0951\nIssue date: 2022-03-16\nCVE Names: CVE-2021-45960 CVE-2021-46143 CVE-2022-22822\n CVE-2022-22823 CVE-2022-22824 CVE-2022-22825\n CVE-2022-22826 CVE-2022-22827 CVE-2022-23852\n CVE-2022-25235 CVE-2022-25236 CVE-2022-25315\n====================================================================\n1. Summary:\n\nAn update for expat is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nExpat is a C library for parsing XML documents. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library\nmust be restarted for the update to take effect. \n\n5. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nexpat-2.2.5-4.el8_5.3.src.rpm\n\naarch64:\nexpat-2.2.5-4.el8_5.3.aarch64.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.aarch64.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.aarch64.rpm\nexpat-devel-2.2.5-4.el8_5.3.aarch64.rpm\n\nppc64le:\nexpat-2.2.5-4.el8_5.3.ppc64le.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.ppc64le.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.ppc64le.rpm\nexpat-devel-2.2.5-4.el8_5.3.ppc64le.rpm\n\ns390x:\nexpat-2.2.5-4.el8_5.3.s390x.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.s390x.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.s390x.rpm\nexpat-devel-2.2.5-4.el8_5.3.s390x.rpm\n\nx86_64:\nexpat-2.2.5-4.el8_5.3.i686.rpm\nexpat-2.2.5-4.el8_5.3.x86_64.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.i686.rpm\nexpat-debuginfo-2.2.5-4.el8_5.3.x86_64.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.i686.rpm\nexpat-debugsource-2.2.5-4.el8_5.3.x86_64.rpm\nexpat-devel-2.2.5-4.el8_5.3.i686.rpm\nexpat-devel-2.2.5-4.el8_5.3.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-45960\nhttps://access.redhat.com/security/cve/CVE-2021-46143\nhttps://access.redhat.com/security/cve/CVE-2022-22822\nhttps://access.redhat.com/security/cve/CVE-2022-22823\nhttps://access.redhat.com/security/cve/CVE-2022-22824\nhttps://access.redhat.com/security/cve/CVE-2022-22825\nhttps://access.redhat.com/security/cve/CVE-2022-22826\nhttps://access.redhat.com/security/cve/CVE-2022-22827\nhttps://access.redhat.com/security/cve/CVE-2022-23852\nhttps://access.redhat.com/security/cve/CVE-2022-25235\nhttps://access.redhat.com/security/cve/CVE-2022-25236\nhttps://access.redhat.com/security/cve/CVE-2022-25315\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYjJSC9zjgjWX9erEAQjISQ//Z+1p1XtGbQuztV4zY/1wBgBQdBeuCxu0\n2kj+fV9+PiZe32zRwBrYz1S0kAZZFq1Laz0ulO6w5GE4B2b/jXnj38FfzJN/cdtO\ngomEzjPT80Ie16/H8hSCutchWvsKb3J6WhkCcPn1AP5FxNpSJMUuVWN80wTk33Ap\n9aPOcL296tzSRlsHxnnIh6qBebPMLeVSBIud3pCOeRAlkuM/tJ+CEZvfLeyS1zjw\nQltPlnCHM5xk/gRAsaPILOAAPRp4MI5pJNhMx1PPKs2JfCASoKSakonvZ8S6BwLJ\nqqgp/5bQCRXVIzmOZmWhiZDYB0f3QDOVOso9yOLFanJDeHSow8sBGHOIS/cVPttv\n7tlsKYuQAOMku9JhyIQh3QkcGlBOqAYoLxafwzC9mtF+OITHl2zmzeHSYkvVZHj7\nl43rcTC8YaFyknJA23H4n/RaqrU7TP4T9pAVo+eltQy07w8/peg8nK3O1N5PVxHx\nu+NMbGcr54B/K3wTAiHPxZb1mi9bfzu0vsJLuQC4yQuvLFXhtawvrKZCMPqj93JH\ne1d4Y/AF+2dNWkaK9JSQiD/WfGtLzsOk7Jq63ksIfbAMwY+Djf+pXV4GkTg9eSCe\nbbSuqmeCY59ydrM/bBNpxaxaIr9FhmE8Uqyt1D7RgT4cKG60CRSV9zxzLDYOhSTM\n6/RZ7AnnaPU=lQEd\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-22823"
},
{
"db": "VULHUB",
"id": "VHN-411549"
},
{
"db": "VULMON",
"id": "CVE-2022-22823"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "169217"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166348"
}
],
"trust": 1.53
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-22823",
"trust": 2.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/01/17/3",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-484086",
"trust": 1.7
},
{
"db": "TENABLE",
"id": "TNS-2022-05",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "166348",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168578",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167008",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169788",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166496",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166976",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166437",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166516",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022072065",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072710",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060617",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032843",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070734",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022041954",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032013",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011713",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031627",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022022416",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070605",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022020902",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021418",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022033002",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032445",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042116",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-17",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0626",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4174",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1677",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1154",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.1263",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2171",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3299",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5666",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0369",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0749",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202201-637",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "166433",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "166431",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "169540",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2022-04539",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-411549",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-22823",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169217",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411549"
},
{
"db": "VULMON",
"id": "CVE-2022-22823"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "169217"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166348"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-637"
},
{
"db": "NVD",
"id": "CVE-2022-22823"
}
]
},
"id": "VAR-202201-0468",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-411549"
}
],
"trust": 0.7003805
},
"last_update_date": "2026-03-09T19:58:20.601000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Red Hat: CVE-2022-22823",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-22823"
},
{
"title": "Red Hat: Important: expat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220951 - Security Advisory"
},
{
"title": "Debian CVElist Bug Report Logs: expat: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1730aaeace15912feb07b96b49c44c9a"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1603",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1603"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221039 - Security Advisory"
},
{
"title": "Debian Security Advisories: DSA-5073-1 expat -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=131f3d669e0814049dd7f5b87ef0af84"
},
{
"title": "Amazon Linux 2: ALAS2-2022-1809",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2022-1809"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.1 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221734 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221041 - Security Advisory"
},
{
"title": "Red Hat: Low: Release of OpenShift Serverless Version 1.22.0",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221747 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat OpenShift GitOps security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221042 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.3.8 security and container updates",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221083 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.4.3 security updates and bug fixes",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221476 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Nessus Versions 8.15.3 and 10.1.1 Fix Multiple Third-Party Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2022-05"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-017"
},
{
"title": "Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20221396 - Security Advisory"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d"
},
{
"title": "myapp-container-jaxrs",
"trust": 0.1,
"url": "https://github.com/akiraabe/myapp-container-jaxrs "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-22823"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-190",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411549"
},
{
"db": "NVD",
"id": "CVE-2022-22823"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202209-24"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"trust": 1.7,
"url": "https://github.com/libexpat/libexpat/pull/539"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072710"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031627"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1154"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022022416"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022041954"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/expat-six-vulnerabilities-37271"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166976/red-hat-security-advisory-2022-1734-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022020902"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166516/red-hat-security-advisory-2022-1083-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2171"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4174"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021418"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032843"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070605"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5666"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032445"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166496/red-hat-security-advisory-2022-1069-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022072065"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1263"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169788/red-hat-security-advisory-2022-7692-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060617"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042116"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022033002"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011713"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0749"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0626"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3299"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0369"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.1677"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070734"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25235"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25236"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.3,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23990"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1025"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-31566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23219"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0261"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24407"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24731"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23218"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24730"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23308"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0361"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24730"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0318"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0392"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1025"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0413"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0359"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3999"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-31566"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40674"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/expat"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25710"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-0811"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0811"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-25709"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24731"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0951"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-411549"
},
{
"db": "PACKETSTORM",
"id": "168578"
},
{
"db": "PACKETSTORM",
"id": "169217"
},
{
"db": "PACKETSTORM",
"id": "166431"
},
{
"db": "PACKETSTORM",
"id": "166433"
},
{
"db": "PACKETSTORM",
"id": "166348"
},
{
"db": "CNNVD",
"id": "CNNVD-202201-637"
},
{
"db": "NVD",
"id": "CVE-2022-22823"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-411549",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2022-22823",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168578",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169217",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166431",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166433",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "166348",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202201-637",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-22823",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-411549",
"ident": null
},
{
"date": "2022-01-10T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22823",
"ident": null
},
{
"date": "2022-09-30T14:56:43",
"db": "PACKETSTORM",
"id": "168578",
"ident": null
},
{
"date": "2022-02-28T20:12:00",
"db": "PACKETSTORM",
"id": "169217",
"ident": null
},
{
"date": "2022-03-24T14:34:35",
"db": "PACKETSTORM",
"id": "166431",
"ident": null
},
{
"date": "2022-03-24T14:36:50",
"db": "PACKETSTORM",
"id": "166433",
"ident": null
},
{
"date": "2022-03-17T15:51:32",
"db": "PACKETSTORM",
"id": "166348",
"ident": null
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-637",
"ident": null
},
{
"date": "2022-01-10T14:12:56.270000",
"db": "NVD",
"id": "CVE-2022-22823",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-411549",
"ident": null
},
{
"date": "2022-10-06T00:00:00",
"db": "VULMON",
"id": "CVE-2022-22823",
"ident": null
},
{
"date": "2022-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202201-637",
"ident": null
},
{
"date": "2025-05-05T17:17:52.690000",
"db": "NVD",
"id": "CVE-2022-22823",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-637"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Expat Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-637"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202201-637"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.