Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-22824 (GCVE-0-2022-22824)
Vulnerability from cvelistv5 ā Published: 2022-01-08 02:56 ā Updated: 2025-05-05 16:29
VLAI?
EPSS
Summary
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/539"
},
{
"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"name": "DSA-5073",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-24"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:27:47.292328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:29:22.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libexpat/libexpat/pull/539"
},
{
"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"name": "DSA-5073",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "GLSA-202209-24",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-22824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libexpat/libexpat/pull/539",
"refsource": "MISC",
"url": "https://github.com/libexpat/libexpat/pull/539"
},
{
"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"
},
{
"name": "https://www.tenable.com/security/tns-2022-05",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-05"
},
{
"name": "DSA-5073",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5073"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"
},
{
"name": "GLSA-202209-24",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-22824",
"datePublished": "2022-01-08T02:56:58.000Z",
"dateReserved": "2022-01-08T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:29:22.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.4.3\", \"matchCriteriaId\": \"7A2FBF20-7B2C-49FF-83F8-1EF903078751\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.15.3\", \"matchCriteriaId\": \"C42F5145-1F37-40E2-AD83-495F7012BC3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.0.0\", \"versionEndExcluding\": \"10.1.1\", \"matchCriteriaId\": \"112367D4-EF51-4050-834C-7E887A5C52D9\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.1\", \"matchCriteriaId\": \"98CC9C9A-FE14-4D50-A8EC-C309229356C8\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\"}, {\"lang\": \"es\", \"value\": \"la funci\\u00f3n defineAttribute en el archivo xmlparse.c en Expat (tambi\\u00e9n se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros\"}]",
"id": "CVE-2022-22824",
"lastModified": "2024-11-21T06:47:31.640",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-01-10T14:12:56.567",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/01/17/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/539\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5073\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-05\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/01/17/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/libexpat/libexpat/pull/539\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202209-24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2022-05\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-22824\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-01-10T14:12:56.567\",\"lastModified\":\"2025-05-05T17:17:53.117\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\"},{\"lang\":\"es\",\"value\":\"la funci\u00f3n defineAttribute en el archivo xmlparse.c en Expat (tambi\u00e9n se conoce como libexpat) versiones anteriores a 2.4.3, presenta un desbordamiento de enteros\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.3\",\"matchCriteriaId\":\"7A2FBF20-7B2C-49FF-83F8-1EF903078751\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.15.3\",\"matchCriteriaId\":\"C42F5145-1F37-40E2-AD83-495F7012BC3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.1.1\",\"matchCriteriaId\":\"112367D4-EF51-4050-834C-7E887A5C52D9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1\",\"matchCriteriaId\":\"98CC9C9A-FE14-4D50-A8EC-C309229356C8\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/17/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/539\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202209-24\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5073\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-05\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/01/17/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/539\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202209-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2022-05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
OPENSUSE-SU-2024:11762-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
expat-2.4.3-1.1 on GA media
Notes
Title of the patch
expat-2.4.3-1.1 on GA media
Description of the patch
These are all security issues fixed in the expat-2.4.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11762
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "expat-2.4.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the expat-2.4.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11762",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11762-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45960 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46143 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22822 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22826 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22827/"
}
],
"title": "expat-2.4.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11762-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.3-1.1.aarch64",
"product": {
"name": "expat-2.4.3-1.1.aarch64",
"product_id": "expat-2.4.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.3-1.1.aarch64",
"product": {
"name": "libexpat-devel-2.4.3-1.1.aarch64",
"product_id": "libexpat-devel-2.4.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.4.3-1.1.aarch64",
"product": {
"name": "libexpat-devel-32bit-2.4.3-1.1.aarch64",
"product_id": "libexpat-devel-32bit-2.4.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.3-1.1.aarch64",
"product": {
"name": "libexpat1-2.4.3-1.1.aarch64",
"product_id": "libexpat1-2.4.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.4.3-1.1.aarch64",
"product": {
"name": "libexpat1-32bit-2.4.3-1.1.aarch64",
"product_id": "libexpat1-32bit-2.4.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.3-1.1.ppc64le",
"product": {
"name": "expat-2.4.3-1.1.ppc64le",
"product_id": "expat-2.4.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.3-1.1.ppc64le",
"product": {
"name": "libexpat-devel-2.4.3-1.1.ppc64le",
"product_id": "libexpat-devel-2.4.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"product": {
"name": "libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"product_id": "libexpat-devel-32bit-2.4.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.3-1.1.ppc64le",
"product": {
"name": "libexpat1-2.4.3-1.1.ppc64le",
"product_id": "libexpat1-2.4.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.4.3-1.1.ppc64le",
"product": {
"name": "libexpat1-32bit-2.4.3-1.1.ppc64le",
"product_id": "libexpat1-32bit-2.4.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.3-1.1.s390x",
"product": {
"name": "expat-2.4.3-1.1.s390x",
"product_id": "expat-2.4.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.3-1.1.s390x",
"product": {
"name": "libexpat-devel-2.4.3-1.1.s390x",
"product_id": "libexpat-devel-2.4.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.4.3-1.1.s390x",
"product": {
"name": "libexpat-devel-32bit-2.4.3-1.1.s390x",
"product_id": "libexpat-devel-32bit-2.4.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.3-1.1.s390x",
"product": {
"name": "libexpat1-2.4.3-1.1.s390x",
"product_id": "libexpat1-2.4.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.4.3-1.1.s390x",
"product": {
"name": "libexpat1-32bit-2.4.3-1.1.s390x",
"product_id": "libexpat1-32bit-2.4.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.3-1.1.x86_64",
"product": {
"name": "expat-2.4.3-1.1.x86_64",
"product_id": "expat-2.4.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.3-1.1.x86_64",
"product": {
"name": "libexpat-devel-2.4.3-1.1.x86_64",
"product_id": "libexpat-devel-2.4.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.4.3-1.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.4.3-1.1.x86_64",
"product_id": "libexpat-devel-32bit-2.4.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.3-1.1.x86_64",
"product": {
"name": "libexpat1-2.4.3-1.1.x86_64",
"product_id": "libexpat1-2.4.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.4.3-1.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.4.3-1.1.x86_64",
"product_id": "libexpat1-32bit-2.4.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64"
},
"product_reference": "expat-2.4.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le"
},
"product_reference": "expat-2.4.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.4.3-1.1.s390x"
},
"product_reference": "expat-2.4.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.4.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64"
},
"product_reference": "expat-2.4.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64"
},
"product_reference": "libexpat-devel-2.4.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le"
},
"product_reference": "libexpat-devel-2.4.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x"
},
"product_reference": "libexpat-devel-2.4.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.4.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64"
},
"product_reference": "libexpat-devel-2.4.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.4.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64"
},
"product_reference": "libexpat-devel-32bit-2.4.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.4.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le"
},
"product_reference": "libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.4.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x"
},
"product_reference": "libexpat-devel-32bit-2.4.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.4.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64"
},
"product_reference": "libexpat-devel-32bit-2.4.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64"
},
"product_reference": "libexpat1-2.4.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le"
},
"product_reference": "libexpat1-2.4.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x"
},
"product_reference": "libexpat1-2.4.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64"
},
"product_reference": "libexpat1-2.4.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.4.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64"
},
"product_reference": "libexpat1-32bit-2.4.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.4.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le"
},
"product_reference": "libexpat1-32bit-2.4.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.4.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x"
},
"product_reference": "libexpat1-32bit-2.4.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.4.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.4.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45960"
}
],
"notes": [
{
"category": "general",
"text": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45960",
"url": "https://www.suse.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "SUSE Bug 1194251 for CVE-2021-45960",
"url": "https://bugzilla.suse.com/1194251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-45960"
},
{
"cve": "CVE-2021-46143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46143"
}
],
"notes": [
{
"category": "general",
"text": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46143",
"url": "https://www.suse.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "SUSE Bug 1194362 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1194362"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1196387 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1196387"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-46143"
},
{
"cve": "CVE-2022-22822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22822"
}
],
"notes": [
{
"category": "general",
"text": "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22822",
"url": "https://www.suse.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "SUSE Bug 1194474 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1194474"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22822"
},
{
"cve": "CVE-2022-22823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22823"
}
],
"notes": [
{
"category": "general",
"text": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22823",
"url": "https://www.suse.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "SUSE Bug 1194476 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1194476"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22823"
},
{
"cve": "CVE-2022-22824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22824"
}
],
"notes": [
{
"category": "general",
"text": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22824",
"url": "https://www.suse.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "SUSE Bug 1194477 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1194477"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22824"
},
{
"cve": "CVE-2022-22825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22825"
}
],
"notes": [
{
"category": "general",
"text": "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22825",
"url": "https://www.suse.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "SUSE Bug 1194478 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1194478"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22825"
},
{
"cve": "CVE-2022-22826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22826"
}
],
"notes": [
{
"category": "general",
"text": "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22826",
"url": "https://www.suse.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "SUSE Bug 1194479 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1194479"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22826"
},
{
"cve": "CVE-2022-22827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22827"
}
],
"notes": [
{
"category": "general",
"text": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22827",
"url": "https://www.suse.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "SUSE Bug 1194480 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1194480"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:expat-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:expat-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:expat-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:expat-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat-devel-32bit-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-2.4.3-1.1.x86_64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.aarch64",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.ppc64le",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.s390x",
"openSUSE Tumbleweed:libexpat1-32bit-2.4.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22827"
}
]
}
OPENSUSE-SU-2022:0178-1
Vulnerability from csaf_opensuse - Published: 2022-01-25 13:16 - Updated: 2022-01-25 13:16Summary
Security update for expat
Notes
Title of the patch
Security update for expat
Description of the patch
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
Patchnames
openSUSE-SLE-15.3-2022-178
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n \n- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).\n- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).\n- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).\n- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).\n- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).\n- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).\n- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).\n- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-SLE-15.3-2022-178",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0178-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0178-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5POFOWWCWJ3SLTEUIQRMKXQB4GOECNOP/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0178-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5POFOWWCWJ3SLTEUIQRMKXQB4GOECNOP/"
},
{
"category": "self",
"summary": "SUSE Bug 1194251",
"url": "https://bugzilla.suse.com/1194251"
},
{
"category": "self",
"summary": "SUSE Bug 1194362",
"url": "https://bugzilla.suse.com/1194362"
},
{
"category": "self",
"summary": "SUSE Bug 1194474",
"url": "https://bugzilla.suse.com/1194474"
},
{
"category": "self",
"summary": "SUSE Bug 1194476",
"url": "https://bugzilla.suse.com/1194476"
},
{
"category": "self",
"summary": "SUSE Bug 1194477",
"url": "https://bugzilla.suse.com/1194477"
},
{
"category": "self",
"summary": "SUSE Bug 1194478",
"url": "https://bugzilla.suse.com/1194478"
},
{
"category": "self",
"summary": "SUSE Bug 1194479",
"url": "https://bugzilla.suse.com/1194479"
},
{
"category": "self",
"summary": "SUSE Bug 1194480",
"url": "https://bugzilla.suse.com/1194480"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45960 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45960/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-46143 page",
"url": "https://www.suse.com/security/cve/CVE-2021-46143/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22822 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22824 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22825 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22825/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22826 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22826/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22827 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22827/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2022-01-25T13:16:34Z",
"generator": {
"date": "2022-01-25T13:16:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0178-1",
"initial_release_date": "2022-01-25T13:16:34Z",
"revision_history": [
{
"date": "2022-01-25T13:16:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-3.9.1.aarch64",
"product": {
"name": "expat-2.2.5-3.9.1.aarch64",
"product_id": "expat-2.2.5-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-3.9.1.aarch64",
"product": {
"name": "libexpat-devel-2.2.5-3.9.1.aarch64",
"product_id": "libexpat-devel-2.2.5-3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-3.9.1.aarch64",
"product": {
"name": "libexpat1-2.2.5-3.9.1.aarch64",
"product_id": "libexpat1-2.2.5-3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-3.9.1.ppc64le",
"product": {
"name": "expat-2.2.5-3.9.1.ppc64le",
"product_id": "expat-2.2.5-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-3.9.1.ppc64le",
"product": {
"name": "libexpat-devel-2.2.5-3.9.1.ppc64le",
"product_id": "libexpat-devel-2.2.5-3.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-3.9.1.ppc64le",
"product": {
"name": "libexpat1-2.2.5-3.9.1.ppc64le",
"product_id": "libexpat1-2.2.5-3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-3.9.1.s390x",
"product": {
"name": "expat-2.2.5-3.9.1.s390x",
"product_id": "expat-2.2.5-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-3.9.1.s390x",
"product": {
"name": "libexpat-devel-2.2.5-3.9.1.s390x",
"product_id": "libexpat-devel-2.2.5-3.9.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-3.9.1.s390x",
"product": {
"name": "libexpat1-2.2.5-3.9.1.s390x",
"product_id": "libexpat1-2.2.5-3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.2.5-3.9.1.x86_64",
"product": {
"name": "expat-2.2.5-3.9.1.x86_64",
"product_id": "expat-2.2.5-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.2.5-3.9.1.x86_64",
"product": {
"name": "libexpat-devel-2.2.5-3.9.1.x86_64",
"product_id": "libexpat-devel-2.2.5-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"product_id": "libexpat-devel-32bit-2.2.5-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.2.5-3.9.1.x86_64",
"product": {
"name": "libexpat1-2.2.5-3.9.1.x86_64",
"product_id": "libexpat1-2.2.5-3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.2.5-3.9.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.2.5-3.9.1.x86_64",
"product_id": "libexpat1-32bit-2.2.5-3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64"
},
"product_reference": "expat-2.2.5-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le"
},
"product_reference": "expat-2.2.5-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x"
},
"product_reference": "expat-2.2.5-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-2.2.5-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64"
},
"product_reference": "expat-2.2.5-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64"
},
"product_reference": "libexpat-devel-2.2.5-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le"
},
"product_reference": "libexpat-devel-2.2.5-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x"
},
"product_reference": "libexpat-devel-2.2.5-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-2.2.5-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64"
},
"product_reference": "libexpat-devel-2.2.5-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat-devel-32bit-2.2.5-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64"
},
"product_reference": "libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-3.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64"
},
"product_reference": "libexpat1-2.2.5-3.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-3.9.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le"
},
"product_reference": "libexpat1-2.2.5-3.9.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-3.9.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x"
},
"product_reference": "libexpat1-2.2.5-3.9.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.2.5-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64"
},
"product_reference": "libexpat1-2.2.5-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-32bit-2.2.5-3.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
},
"product_reference": "libexpat1-32bit-2.2.5-3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45960",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45960"
}
],
"notes": [
{
"category": "general",
"text": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45960",
"url": "https://www.suse.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "SUSE Bug 1194251 for CVE-2021-45960",
"url": "https://bugzilla.suse.com/1194251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "moderate"
}
],
"title": "CVE-2021-45960"
},
{
"cve": "CVE-2021-46143",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-46143"
}
],
"notes": [
{
"category": "general",
"text": "In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-46143",
"url": "https://www.suse.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "SUSE Bug 1194362 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1194362"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1196387 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1196387"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2021-46143",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "important"
}
],
"title": "CVE-2021-46143"
},
{
"cve": "CVE-2022-22822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22822"
}
],
"notes": [
{
"category": "general",
"text": "addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22822",
"url": "https://www.suse.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "SUSE Bug 1194474 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1194474"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22822",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "important"
}
],
"title": "CVE-2022-22822"
},
{
"cve": "CVE-2022-22823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22823"
}
],
"notes": [
{
"category": "general",
"text": "build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22823",
"url": "https://www.suse.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "SUSE Bug 1194476 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1194476"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22823",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "important"
}
],
"title": "CVE-2022-22823"
},
{
"cve": "CVE-2022-22824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22824"
}
],
"notes": [
{
"category": "general",
"text": "defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22824",
"url": "https://www.suse.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "SUSE Bug 1194477 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1194477"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22824",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "important"
}
],
"title": "CVE-2022-22824"
},
{
"cve": "CVE-2022-22825",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22825"
}
],
"notes": [
{
"category": "general",
"text": "lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22825",
"url": "https://www.suse.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "SUSE Bug 1194478 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1194478"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22825",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "important"
}
],
"title": "CVE-2022-22825"
},
{
"cve": "CVE-2022-22826",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22826"
}
],
"notes": [
{
"category": "general",
"text": "nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22826",
"url": "https://www.suse.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "SUSE Bug 1194479 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1194479"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22826",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "important"
}
],
"title": "CVE-2022-22826"
},
{
"cve": "CVE-2022-22827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22827"
}
],
"notes": [
{
"category": "general",
"text": "storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22827",
"url": "https://www.suse.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "SUSE Bug 1194480 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1194480"
},
{
"category": "external",
"summary": "SUSE Bug 1195327 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1195327"
},
{
"category": "external",
"summary": "SUSE Bug 1200038 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1200038"
},
{
"category": "external",
"summary": "SUSE Bug 1200198 for CVE-2022-22827",
"url": "https://bugzilla.suse.com/1200198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:expat-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat-devel-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat-devel-32bit-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.aarch64",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.ppc64le",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.s390x",
"openSUSE Leap 15.3:libexpat1-2.2.5-3.9.1.x86_64",
"openSUSE Leap 15.3:libexpat1-32bit-2.2.5-3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-25T13:16:34Z",
"details": "important"
}
],
"title": "CVE-2022-22827"
}
]
}
cleanstart-2026-yt18139
Vulnerability from cleanstart
Published
2026-01-30 17:26
Modified
2026-01-29 18:58
Summary
issue was discovered in libexpat before 2
Details
Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "expat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-YT18139",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T17:26:57.202658Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YT18139.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-9233"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15903"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-45960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-23852"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-23990"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25235"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25236"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25313"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25314"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25315"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-40674"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43680"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-52425"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-52426"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-28757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45490"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45491"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45492"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-50602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52426"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50602"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "issue was discovered in libexpat before 2",
"upstream": [
"CVE-2017-9233",
"CVE-2019-15903",
"CVE-2021-45960",
"CVE-2021-46143",
"CVE-2022-22822",
"CVE-2022-22823",
"CVE-2022-22824",
"CVE-2022-22825",
"CVE-2022-22826",
"CVE-2022-22827",
"CVE-2022-23852",
"CVE-2022-23990",
"CVE-2022-25235",
"CVE-2022-25236",
"CVE-2022-25313",
"CVE-2022-25314",
"CVE-2022-25315",
"CVE-2022-40674",
"CVE-2022-43680",
"CVE-2023-52425",
"CVE-2023-52426",
"CVE-2024-28757",
"CVE-2024-45490",
"CVE-2024-45491",
"CVE-2024-45492",
"CVE-2024-50602"
]
}
cleanstart-2026-mh09144
Vulnerability from cleanstart
Published
2026-02-13 00:45
Modified
2026-02-12 13:07
Summary
issue was discovered in libexpat before 2
Details
Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "expat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-MH09144",
"modified": "2026-02-12T13:07:54Z",
"published": "2026-02-13T00:45:17.459930Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MH09144.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-9233"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15903"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-45960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46143"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22824"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22825"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22826"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22827"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-23852"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-23990"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25235"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25236"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25313"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25314"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25315"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-40674"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43680"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-52425"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-52426"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-28757"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45490"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45491"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-45492"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-50602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52426"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50602"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "issue was discovered in libexpat before 2",
"upstream": [
"CVE-2017-9233",
"CVE-2019-15903",
"CVE-2021-45960",
"CVE-2021-46143",
"CVE-2022-22822",
"CVE-2022-22823",
"CVE-2022-22824",
"CVE-2022-22825",
"CVE-2022-22826",
"CVE-2022-22827",
"CVE-2022-23852",
"CVE-2022-23990",
"CVE-2022-25235",
"CVE-2022-25236",
"CVE-2022-25313",
"CVE-2022-25314",
"CVE-2022-25315",
"CVE-2022-40674",
"CVE-2022-43680",
"CVE-2023-52425",
"CVE-2023-52426",
"CVE-2024-28757",
"CVE-2024-45490",
"CVE-2024-45491",
"CVE-2024-45492",
"CVE-2024-50602"
]
}
CERTFR-2022-AVI-683
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et une atteinte Ć l'intĆ©gritĆ© des donnĆ©es.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.x antĆ©rieures Ć 7.3.3 Fix Pack 12 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antĆ©rieures Ć 7.5.0 Update Pack 2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x antĆ©rieures Ć 7.4.3 Fix Pack 6 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2017-9801",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9801"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2021-39088",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39088"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2018-1294",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1294"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2022-0359",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-683",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607135 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607133 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607137 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607129 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607129"
}
]
}
CERTFR-2024-AVI-1103
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits IBM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, une Ć©lĆ©vation de privilĆØges et un dĆ©ni de service Ć distance.
Solutions
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antĆ©rieures Ć 12.0.4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antĆ©rieures Ć 6.1.0.2 ifix 01 | ||
| IBM | QRadar SIEM | Security QRadar Log Management AQL Plugin versions antĆ©rieures Ć 1.1.0 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antĆ©rieures Ć 6.0.3.1 (fixpack) GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antĆ©rieures Ć 11.2.4 FP5 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antĆ©rieures Ć 6.1.0.1 (fixpack) GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antĆ©rieures Ć 6.2.0.0 ifix 01 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antĆ©rieures Ć 6.3.0.11_ifix001 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2023-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2018-15209",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2018-17100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2022-34266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
},
{
"name": "CVE-2020-35521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2024-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2019-6128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2024-45082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
},
{
"name": "CVE-2017-11613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2024-41752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
},
{
"name": "CVE-2023-50447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"name": "CVE-2018-18508",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2014-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
},
{
"name": "CVE-2023-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2023-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2019-17007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2023-38289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2015-7182",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2018-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2020-19144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2017-12627",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
},
{
"name": "CVE-2018-17101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2020-26261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
},
{
"name": "CVE-2023-24816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2019-17546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2022-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2020-15110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
},
{
"name": "CVE-2023-25435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2017-18869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2022-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
},
{
"name": "CVE-2018-7456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
},
{
"name": "CVE-2023-38288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2017-18013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2016-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
},
{
"name": "CVE-2017-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2024-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"name": "CVE-2019-14973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
},
{
"name": "CVE-2020-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-19131",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
},
{
"name": "CVE-2015-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2018-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
},
{
"name": "CVE-2018-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2020-35523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2024-34102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2021-32862",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2024-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
},
{
"name": "CVE-2024-25016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2023-25434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
},
{
"name": "CVE-2024-29896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
},
{
"name": "CVE-2015-7181",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
},
{
"name": "CVE-2020-18768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2017-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
},
{
"name": "CVE-2014-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2017-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2017-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2018-19210",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
},
{
"name": "CVE-2013-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-10255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2020-35524",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-35522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2017-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
"url": "https://www.ibm.com/support/pages/node/7177142"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
"url": "https://www.ibm.com/support/pages/node/7177223"
},
{
"published_at": "2024-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
"url": "https://www.ibm.com/support/pages/node/7179044"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
"url": "https://www.ibm.com/support/pages/node/7179156"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
"url": "https://www.ibm.com/support/pages/node/7179166"
},
{
"published_at": "2024-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
"url": "https://www.ibm.com/support/pages/node/7178835"
}
]
}
CERTFR-2022-AVI-663
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM QRadar. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire, un dĆ©ni de service et une atteinte Ć la confidentialitĆ© des donnĆ©es.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar versions 5.4.0.x versions ant\u00e9rieures \u00e0 5.4.0.16",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar versions 5.5.0.x versions ant\u00e9rieures \u00e0 5.5.0.11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-663",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6605299 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6605299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6441625 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6441625"
}
]
}
CERTFR-2023-AVI-0785
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Belden. Certaines d'entre elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur, une exĆ©cution de code arbitraire Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Belden | N/A | Hirschmann HiOS MSP30 versions antĆ©rieures Ć 09.0.03 | ||
| Belden | N/A | Hirschmann HiOS RSP2S, RSPS, RSPL,EES, EESX, GRS1020, GRS1030 et RED versions antĆ©rieures Ć 07.1.06 | ||
| Belden | N/A | Hirschmann Lite Managed GECKO versions antĆ©rieures Ć 2.3.4 | ||
| Belden | N/A | Hirschmann Classic RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS et OCTOPUS versions antĆ©rieures Ć 9.1.08 | ||
| Belden | N/A | Hirschmann HiSecOS Eagle versions antĆ©rieures Ć 04.3.02 | ||
| Belden | N/A | Hirschmann HiOS RSP, RSPE, MSP40, GRS, OS et BRS versions antĆ©rieures Ć 09.1.00 | ||
| Belden | N/A | Hirschmann HiLCOS BAT C2 versions antĆ©rieures Ć 9.13 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Hirschmann HiOS MSP30 versions ant\u00e9rieures \u00e0 09.0.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiOS RSP2S, RSPS, RSPL,EES, EESX, GRS1020, GRS1030 et RED versions ant\u00e9rieures \u00e0 07.1.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann Lite Managed GECKO versions ant\u00e9rieures \u00e0 2.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann Classic RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS et OCTOPUS versions ant\u00e9rieures \u00e0 9.1.08",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiSecOS Eagle versions ant\u00e9rieures \u00e0 04.3.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiOS RSP, RSPE, MSP40, GRS, OS et BRS versions ant\u00e9rieures \u00e0 09.1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiLCOS BAT C2 versions ant\u00e9rieures \u00e0 9.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0785",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nBelden. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Belden",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Belden BSECV-2022-07 du 26 septembre 2023",
"url": "https://assets.belden.com/m/5513203acb22e570/original/Belden_Security_Bulletin_BSECV-2022-07.pdf"
}
]
}
CERTFR-2022-AVI-767
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits IBM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.x antĆ©rieures Ć 7.3.3 Fix Pack 12 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antĆ©rieures Ć 7.5.0 Update Pack 2 | ||
| IBM | Spectrum | IBM Spectrum Discover versions antĆ©rieures Ć 2.0.4.7 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x antĆ©rieures Ć 7.4.3 Fix Pack 6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2021-20180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2020-25658",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
},
{
"name": "CVE-2020-15084",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2021-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-24773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2020-14330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
},
{
"name": "CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-41496",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-46462",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
},
{
"name": "CVE-2021-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
},
{
"name": "CVE-2021-23386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
},
{
"name": "CVE-2022-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
},
{
"name": "CVE-2019-18874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
},
{
"name": "CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-34429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
},
{
"name": "CVE-2022-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
},
{
"name": "CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2021-46461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2020-13757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
},
{
"name": "CVE-2021-46463",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
},
{
"name": "CVE-2020-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-767",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614909"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614725"
}
]
}
CERTFR-2022-AVI-487
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits IBM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
- IBM TXSeries for Multiplatforms versions 9.1.x sans le correctif de sƩcuritƩ TXSeries_91_SpecialFIX_Liberty_042022
- IBM TXSeries for Multiplatforms versions 8.2.x sans le correctif de sƩcuritƩ TXSeries_82_SpecialFIX_Liberty_042022
- IBM Tivoli Monitoring versions 6.3.0.x antĆ©rieures Ć 6.3.0.7 Fix Pack 7 Service Pack 12
- IBM Cloud Private versions 3.1.0.x
- IBM Cloud Private versions 3.1.1.x
- IBM Cloud Private versions 3.1.2.x
- IBM Cloud Private versions 3.2.0.x
- IBM Cloud Private versions 3.2.1.x antĆ©rieures Ć 3.2.1.2203
- IBM Cloud Private versions 3.2.2.x antĆ©rieures Ć 3.2.2.2203
L'Ć©diteur ne propose pas de correctif pour les versions IBM Cloud Private 3.1.0, 3.1.1, 3.1.2 et 3.2.0 et conseille une mise Ć jour Ć la derniĆØre version CD (Continuous Delivery) IBM Cloud Private 3.2.2.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eIBM TXSeries for Multiplatforms versions 9.1.x sans le correctif de s\u00e9curit\u00e9 TXSeries_91_SpecialFIX_Liberty_042022\u003c/li\u003e \u003cli\u003eIBM TXSeries for Multiplatforms versions 8.2.x sans le correctif de s\u00e9curit\u00e9 TXSeries_82_SpecialFIX_Liberty_042022\u003c/li\u003e \u003cli\u003eIBM Tivoli Monitoring versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.7 Fix Pack 7 Service Pack 12\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.0.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.1.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.2.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.0.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.1.x ant\u00e9rieures \u00e0 3.2.1.2203\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.2.x ant\u00e9rieures \u00e0 3.2.2.2203\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de correctif pour les versions IBM Cloud Private 3.1.0, 3.1.1, 3.1.2 et 3.2.0 et conseille une mise \u00e0 jour \u00e0 la derni\u00e8re version CD (Continuous Delivery) IBM Cloud Private 3.2.2.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-487",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6587154 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6587154"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588169 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588149 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588149"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6587158 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6587158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588167 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588167"
}
]
}
CERTFR-2022-AVI-201
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM WebSphere. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 9.0.x.x antĆ©rieures Ć 9.0.5.11 | ||
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 7.0.0.x antĆ©rieures Ć 7.0.0.45 sans le correctif PH43122 | ||
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 8.0.0.x antĆ©rieures Ć 8.0.0.15 sans le correctif PH43122 | ||
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 8.5.x.x antĆ©rieures Ć 8.5.5.22 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 9.0.x.x ant\u00e9rieures \u00e0 9.0.5.11",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 7.0.0.x ant\u00e9rieures \u00e0 7.0.0.45 sans le correctif PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 8.0.0.x ant\u00e9rieures \u00e0 8.0.0.15 sans le correctif PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 8.5.x.x ant\u00e9rieures \u00e0 8.5.5.22",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-201",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM WebSphere.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6559296 du 02 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6559296"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6560814 du 02 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6560814"
}
]
}
CERTFR-2024-AVI-0575
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper Networks. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, une Ć©lĆ©vation de privilĆØges et un dĆ©ni de service Ć distance.
Solutions
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.2-EVO antĆ©rieures Ć 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.3-EVO antĆ©rieures Ć 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.4-EVO antĆ©rieures Ć 22.4R3-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.2-EVO antĆ©rieures Ć 23.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antĆ©rieures Ć 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.2 antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antĆ©rieures Ć 22.3R2-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antĆ©rieures Ć 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antĆ©rieures Ć 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.2-EVO antĆ©rieures Ć 21.2R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.3-EVO antĆ©rieures Ć 21.3R3-S5-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antĆ©rieures Ć 21.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antĆ©rieures Ć 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.1-EVO antĆ©rieures Ć 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antĆ©rieures Ć 22.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antĆ©rieures Ć 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antĆ©rieures Ć 22.3R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antĆ©rieures Ć 22.3R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antĆ©rieures Ć 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antĆ©rieures Ć 22.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antĆ©rieures Ć 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antĆ©rieures Ć 22.4R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antĆ©rieures Ć 23.2R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antĆ©rieures Ć 23.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antĆ©rieures Ć 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antĆ©rieures Ć 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antĆ©rieures Ć 24.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 20.4R3-S10-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 22.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 23.2R1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć before 22.1R3-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.1 antĆ©rieures Ć 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.2 antĆ©rieures Ć 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.3 antĆ©rieures Ć 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions antĆ©rieures Ć 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.1 antĆ©rieures Ć 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.2 antĆ©rieures Ć 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.3 antĆ©rieures Ć 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.4 antĆ©rieures Ć 22.4R3-S1 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.4 antĆ©rieures Ć 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antĆ©rieures Ć 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antĆ©rieures Ć 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antĆ©rieures Ć 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions antĆ©rieures Ć 21.2R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antĆ©rieures Ć 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antĆ©rieures Ć 22.1R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antĆ©rieures Ć 22.2R3-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antĆ©rieures Ć 22.3R2-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antĆ©rieures Ć 22.3R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antĆ©rieures Ć 22.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antĆ©rieures Ć 22.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 21.4 antĆ©rieures Ć 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.1 antĆ©rieures Ć 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.2 antĆ©rieures Ć 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.3 antĆ©rieures Ć 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.4 antĆ©rieures Ć 22.4R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antĆ©rieures Ć 23.4R1-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antĆ©rieures Ć 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 21.3 antĆ©rieures Ć 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antĆ©rieures Ć 21.4R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.1 antĆ©rieures Ć 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antĆ©rieures Ć 22.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antĆ©rieures Ć 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antĆ©rieures Ć 22.3R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antĆ©rieures Ć 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antĆ©rieures Ć 22.4R2-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antĆ©rieures Ć 22.4R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 23.1 antĆ©rieures Ć 23.1R2 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antĆ©rieures Ć 23.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antĆ©rieures Ć 23.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antĆ©rieures Ć 23.4R2 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 20.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 21.4R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 22.1R2-S2 | ||
| Juniper Networks | N/A | Junos Space versions antĆ©rieures Ć 24.1R1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antĆ©rieures Ć 20.4R3-S10 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antĆ©rieures Ć 21.2R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antĆ©rieures Ć 21.3R3-S5 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antĆ©rieures Ć 22.1R3-S4 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antĆ©rieures Ć 22.2R3-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antĆ©rieures Ć 22.3R3-S1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.1 antĆ©rieures Ć SSR-6.1.8-lts | ||
| Juniper Networks | N/A | Session Smart Router versions 6.2 antĆ©rieures Ć SSR-6.2.5-r2 | ||
| Juniper Networks | N/A | Session Smart Router versions antĆ©rieures Ć SSR-5.6.14 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.1-EVO antĆ©rieures Ć 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antĆ©rieures Ć 21.4R3-S7-EVO |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"name": "CVE-2023-32435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-39554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"name": "CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2024-39558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"name": "CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-39552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2024-39546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
},
{
"name": "CVE-2024-39540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"name": "CVE-2018-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
},
{
"name": "CVE-2024-39543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
},
{
"name": "CVE-2023-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
},
{
"name": "CVE-2024-39529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2022-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-10747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-39536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"name": "CVE-2024-39555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2020-13938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2016-1000232",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2024-39561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2020-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-39535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
},
{
"name": "CVE-2024-39545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"name": "CVE-2024-39531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"name": "CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"name": "CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2024-39530",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"name": "CVE-2024-39532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2024-39557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2024-39550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"name": "CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2014-10064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
},
{
"name": "CVE-2024-39511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2024-39548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
},
{
"name": "CVE-2020-11993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
},
{
"name": "CVE-2023-22652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
},
{
"name": "CVE-2024-39528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-39559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
},
{
"name": "CVE-2014-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2020-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-39519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
},
{
"name": "CVE-2020-7754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
},
{
"name": "CVE-2024-39533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-26690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2024-39513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2024-39518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"name": "CVE-2023-37450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
},
{
"name": "CVE-2021-30641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2018-20834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"name": "CVE-2024-39541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2024-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2019-17567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
},
{
"name": "CVE-2018-7408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-39551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-39565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
},
{
"name": "CVE-2021-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2024-39549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"name": "CVE-2021-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2020-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
},
{
"name": "CVE-2020-28502",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
},
{
"name": "CVE-2024-39556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2023-32439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2022-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
},
{
"name": "CVE-2024-39542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"name": "CVE-2024-39538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
},
{
"name": "CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
}
]
}
CERTFR-2023-AVI-0310
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper. Certaines d'entre elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur, une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Juniper Secure Analytics (JSA) avec Networks Security Threat Response Manager (STRM) versions antĆ©rieures Ć 7.5.0UP4 | ||
| N/A | N/A | JunosOS versions antĆ©rieures Ć 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S4, 19.2R3-S1, 19.2R3-S7, 19.3R3-S1, 19.3R3-S7, 19.3R3-S8, 19.4R3, 19.4R3-S10, 19.4R3-S11, 19.4R3-S12, 19.4R3-S9, 20.1R2, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1-S1, 20.3R2, 20.3R3-S2, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 20.4R3-S6, 20.4R3-S7, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S2, 21.2R3-S3, 21.2R3-S4, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R1, 21.4R2, 21.4R2-S1, 21.4R3, 21.4R3-S1, 21.4R3-S2, 21.4R3-S3, 22.1R1, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S2, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, 22.4R1-S1, 22.4R2 et 23.1R1 | ||
| N/A | N/A | JunosOS Evolved versions antĆ©rieures Ć 20.1R3-EVO, 20.2R2-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R3-S5-EVO, 20.4R3-S6-EVO, 20.4R3-S7-EVO, 21.1R3-S4-EVO, 21.2R3-EVO, 21.2R3-S4-EVO, 21.2R3-S5-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 21.4R3-S1-EVO, 22.1R1-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R2-EVO et 22.3R1-EVO | ||
| N/A | N/A | Paragon Active Assurance versions antĆ©rieures Ć 4.1.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics (JSA) avec Networks Security Threat Response Manager (STRM) versions ant\u00e9rieures \u00e0 7.5.0UP4",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JunosOS versions ant\u00e9rieures \u00e0 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S4, 19.2R3-S1, 19.2R3-S7, 19.3R3-S1, 19.3R3-S7, 19.3R3-S8, 19.4R3, 19.4R3-S10, 19.4R3-S11, 19.4R3-S12, 19.4R3-S9, 20.1R2, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1-S1, 20.3R2, 20.3R3-S2, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 20.4R3-S6, 20.4R3-S7, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S2, 21.2R3-S3, 21.2R3-S4, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R1, 21.4R2, 21.4R2-S1, 21.4R3, 21.4R3-S1, 21.4R3-S2, 21.4R3-S3, 22.1R1, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S2, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, 22.4R1-S1, 22.4R2 et 23.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JunosOS Evolved versions ant\u00e9rieures \u00e0 20.1R3-EVO, 20.2R2-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R3-S5-EVO, 20.4R3-S6-EVO, 20.4R3-S7-EVO, 21.1R3-S4-EVO, 21.2R3-EVO, 21.2R3-S4-EVO, 21.2R3-S5-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 21.4R3-S1-EVO, 22.1R1-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R2-EVO et 22.3R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 4.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28973"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2023-28970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28970"
},
{
"name": "CVE-2023-28967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28967"
},
{
"name": "CVE-2023-28983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28983"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-28979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28979"
},
{
"name": "CVE-2023-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28974"
},
{
"name": "CVE-2023-28959",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28959"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-28962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28962"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-28975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28975"
},
{
"name": "CVE-2023-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28971"
},
{
"name": "CVE-2023-28968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28968"
},
{
"name": "CVE-2023-28961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28961"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2023-28981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28981"
},
{
"name": "CVE-2023-28982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28982"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-1697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1697"
},
{
"name": "CVE-2023-28980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28980"
},
{
"name": "CVE-2023-28966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28966"
},
{
"name": "CVE-2023-28976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28976"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-28963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28963"
},
{
"name": "CVE-2023-28978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28978"
},
{
"name": "CVE-2023-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28964"
},
{
"name": "CVE-2023-28960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28960"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2023-28984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28984"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2023-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28972"
},
{
"name": "CVE-2023-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28965"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0310",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-13T00:00:00.000000"
},
{
"description": "Retrait d\u0027identifiants CVE en double.",
"revision_date": "2023-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70591 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-genuine-BGP-packets-causes-an-RPD-crash-CVE-2023-28967"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70601 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-MX-Series-If-a-specific-traffic-rate-goes-above-the-DDoS-threshold-it-will-lead-to-an-FPC-crash-CVE-2023-28976"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70587 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70594 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-JRR200-Kernel-crash-upon-receipt-of-a-specific-packet-CVE-2023-28970"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70607 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-If-malformed-IPv6-router-advertisements-are-received-memory-corruption-will-occur-which-causes-an-rpd-crash-CVE-2023-28981"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70586 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-ACX-Series-IPv6-firewall-filter-is-not-installed-in-PFE-when-from-next-header-ah-is-used-CVE-2023-28961"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70609 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Shell-Injection-vulnerability-in-the-gNOI-server-CVE-2023-28983"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70599 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-MX-Series-In-a-BBE-scenario-upon-receipt-of-specific-malformed-packets-from-subscribers-the-process-bbe-smgd-will-crash-CVE-2023-28974"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70596 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-NFX-Series-set-system-ports-console-insecure-allows-root-password-recovery-CVE-2023-28972"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70585 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Docker-repository-is-world-writeable-allowing-low-privileged-local-user-to-inject-files-into-Docker-containers-CVE-2023-28960"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70592 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-SRX-Series-Policies-that-rely-on-JDPI-Decoder-actions-may-fail-open-CVE-2023-28968"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70600 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-The-kernel-will-crash-when-certain-USB-devices-are-inserted-CVE-2023-28975"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70604 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-In-a-6PE-scenario-upon-receipt-of-a-specific-IPv6-packet-an-integrity-check-fails-CVE-2023-28979"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70603 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Read-access-to-some-confidential-user-information-is-possible-CVE-2023-28978"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70610 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX-Series-The-PFE-may-crash-when-a-lot-of-MAC-addresses-are-being-learned-and-aged-CVE-2023-28984"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70606 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-rib-sharding-scenario-an-rpd-crash-will-happen-shortly-after-a-specific-CLI-command-is-issued-CVE-2023-28980"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70589 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX10002-Failure-of-storm-control-feature-may-lead-to-Denial-of-Service-CVE-2023-28965"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70584 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX10002-PFE-wedges-and-restarts-upon-receipt-of-specific-malformed-packets-CVE-2023-28959"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70605 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-expat-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70608 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-rib-sharding-scenario-when-a-route-is-frequently-updated-an-rpd-memory-leak-will-occur-CVE-2023-28982"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70595 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Paragon-Active-Assurance-Enabling-the-timescaledb-enables-IP-forwarding-CVE-2023-28971"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70613 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-JSA-Series-Apache-Commons-Text-prior-to-1-10-0-allows-RCE-when-applied-to-untrusted-input-due-to-insecure-interpolation-defaults-CVE-2022-42889"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70590 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Local-low-privileged-user-with-shell-access-can-execute-CLI-commands-as-root-CVE-2023-28966"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70612 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX10000-Series-PTX1000-Series-The-dcpfe-process-will-crash-when-a-malformed-ethernet-frame-is-received-CVE-2023-1697"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70597 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-The-sysmanctl-shell-command-allows-a-local-user-to-gain-access-to-some-administrative-actions-CVE-2023-28973"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70588 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-flowspec-update-causes-RPD-crash-CVE-2023-28964"
}
]
}
CERTFR-2022-AVI-134
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans Tenable Nessus. Elles permettent Ć un attaquant de provoquer un dĆ©ni de service Ć distance, une atteinte Ć l'intĆ©gritĆ© des donnĆ©es et une atteinte Ć la confidentialitĆ© des donnĆ©es.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions 10.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus versions 8.x ant\u00e9rieures \u00e0 8.15.3",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-134",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-05 du 08 f\u00e9vrier 2022",
"url": "https://www.tenable.com/security/tns-2022-05"
}
]
}
CERTFR-2022-AVI-487
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits IBM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
- IBM TXSeries for Multiplatforms versions 9.1.x sans le correctif de sƩcuritƩ TXSeries_91_SpecialFIX_Liberty_042022
- IBM TXSeries for Multiplatforms versions 8.2.x sans le correctif de sƩcuritƩ TXSeries_82_SpecialFIX_Liberty_042022
- IBM Tivoli Monitoring versions 6.3.0.x antĆ©rieures Ć 6.3.0.7 Fix Pack 7 Service Pack 12
- IBM Cloud Private versions 3.1.0.x
- IBM Cloud Private versions 3.1.1.x
- IBM Cloud Private versions 3.1.2.x
- IBM Cloud Private versions 3.2.0.x
- IBM Cloud Private versions 3.2.1.x antĆ©rieures Ć 3.2.1.2203
- IBM Cloud Private versions 3.2.2.x antĆ©rieures Ć 3.2.2.2203
L'Ć©diteur ne propose pas de correctif pour les versions IBM Cloud Private 3.1.0, 3.1.1, 3.1.2 et 3.2.0 et conseille une mise Ć jour Ć la derniĆØre version CD (Continuous Delivery) IBM Cloud Private 3.2.2.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cul\u003e \u003cli\u003eIBM TXSeries for Multiplatforms versions 9.1.x sans le correctif de s\u00e9curit\u00e9 TXSeries_91_SpecialFIX_Liberty_042022\u003c/li\u003e \u003cli\u003eIBM TXSeries for Multiplatforms versions 8.2.x sans le correctif de s\u00e9curit\u00e9 TXSeries_82_SpecialFIX_Liberty_042022\u003c/li\u003e \u003cli\u003eIBM Tivoli Monitoring versions 6.3.0.x ant\u00e9rieures \u00e0 6.3.0.7 Fix Pack 7 Service Pack 12\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.0.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.1.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.1.2.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.0.x\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.1.x ant\u00e9rieures \u00e0 3.2.1.2203\u003c/li\u003e \u003cli\u003eIBM Cloud Private versions 3.2.2.x ant\u00e9rieures \u00e0 3.2.2.2203\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de correctif pour les versions IBM Cloud Private 3.1.0, 3.1.1, 3.1.2 et 3.2.0 et conseille une mise \u00e0 jour \u00e0 la derni\u00e8re version CD (Continuous Delivery) IBM Cloud Private 3.2.2.\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-22965",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22965"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-29921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29921"
},
{
"name": "CVE-2021-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23450"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-487",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6587154 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6587154"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588169 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588169"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588149 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588149"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6587158 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6587158"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6588167 du 20 mai 2022",
"url": "https://www.ibm.com/support/pages/node/6588167"
}
]
}
CERTFR-2023-AVI-0785
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Belden. Certaines d'entre elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur, une exĆ©cution de code arbitraire Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Belden | N/A | Hirschmann HiOS MSP30 versions antĆ©rieures Ć 09.0.03 | ||
| Belden | N/A | Hirschmann HiOS RSP2S, RSPS, RSPL,EES, EESX, GRS1020, GRS1030 et RED versions antĆ©rieures Ć 07.1.06 | ||
| Belden | N/A | Hirschmann Lite Managed GECKO versions antĆ©rieures Ć 2.3.4 | ||
| Belden | N/A | Hirschmann Classic RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS et OCTOPUS versions antĆ©rieures Ć 9.1.08 | ||
| Belden | N/A | Hirschmann HiSecOS Eagle versions antĆ©rieures Ć 04.3.02 | ||
| Belden | N/A | Hirschmann HiOS RSP, RSPE, MSP40, GRS, OS et BRS versions antĆ©rieures Ć 09.1.00 | ||
| Belden | N/A | Hirschmann HiLCOS BAT C2 versions antĆ©rieures Ć 9.13 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Hirschmann HiOS MSP30 versions ant\u00e9rieures \u00e0 09.0.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiOS RSP2S, RSPS, RSPL,EES, EESX, GRS1020, GRS1030 et RED versions ant\u00e9rieures \u00e0 07.1.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann Lite Managed GECKO versions ant\u00e9rieures \u00e0 2.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann Classic RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS et OCTOPUS versions ant\u00e9rieures \u00e0 9.1.08",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiSecOS Eagle versions ant\u00e9rieures \u00e0 04.3.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiOS RSP, RSPE, MSP40, GRS, OS et BRS versions ant\u00e9rieures \u00e0 09.1.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
},
{
"description": "Hirschmann HiLCOS BAT C2 versions ant\u00e9rieures \u00e0 9.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Belden",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0785",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nBelden. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Belden",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Belden BSECV-2022-07 du 26 septembre 2023",
"url": "https://assets.belden.com/m/5513203acb22e570/original/Belden_Security_Bulletin_BSECV-2022-07.pdf"
}
]
}
CERTFR-2022-AVI-547
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Siemens. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Teamcenter Active Workspace V5.2 versions antĆ©rieures Ć V5.2.9 | ||
| Siemens | N/A | SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module PROFINET IO variant toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | Teamcenter V12.4 versions antĆ©rieures Ć V12.4.0.13 | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antĆ©rieures Ć V3.0 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 H (6GF3550-0GE10) toutes versions | ||
| Siemens | N/A | SIMATIC MV560 U (6GF3560-0LE10) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions antĆ©rieures Ć V1.1 | ||
| Siemens | N/A | SIMATIC CP 1626 (6GK1162-6AA01) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TIA Portal V16 toutes versions | ||
| Siemens | N/A | RUGGEDCOM CROSSBOW Station Access Controller toutes versions | ||
| Siemens | N/A | Industrial Edge - OPC UA Connector toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions | ||
| Siemens | N/A | Xpedition Designer versions antĆ©rieures Ć X.2.11 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller (incl. F) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential ARM (6MD7881-2AA30) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | Teamcenter V13.2 toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF650R (6GT2811-6AB20) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SIMATIC PDM toutes versions | ||
| Siemens | N/A | RUGGEDCOM NMS toutes versions | ||
| Siemens | N/A | TIA Administrator toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | EN100 Ethernet module IEC 104 variant toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 9 compatible) versions antĆ©rieures Ć 3.2.3 | ||
| Siemens | N/A | SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC NET PC Software V17 toutes versions | ||
| Siemens | N/A | Spectrum Power MGMS toutes versions using Shared HIS | ||
| Siemens | N/A | SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SIMATIC RF188C (6GT2002-0JE40) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC RF680R (6GT2811-6AA10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SINUMERIK Edge versions antĆ©rieures Ć V3.3.0 | ||
| Siemens | N/A | SIMATIC PCS 7 TeleControl toutes versions | ||
| Siemens | N/A | SIMATIC CP 1628 (6GK1162-8AA00) toutes versions | ||
| Siemens | N/A | Teamcenter V13.3 versions antĆ©rieures Ć V13.3.0.3 | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions | ||
| Siemens | N/A | Spectrum Power 4 toutes versions using Shared HIS | ||
| Siemens | N/A | SINEC NMS toutes versions | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF360R (6GT2801-5BA30) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | Industrial Edge - SIMATIC S7 Connector App versions antĆ©rieures Ć V1.7.0 | ||
| Siemens | N/A | SIMATIC RF185C (6GT2002-0JE10) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF188CI (6GT2002-0JE60) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | EN100 Ethernet module DNP3 IP variant toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | Mendix SAML Module (Mendix 8 compatible) versions antĆ©rieures Ć 2.2.2 | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions | ||
| Siemens | N/A | SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions antĆ©rieures Ć V2.0 | ||
| Siemens | N/A | SIMATIC STEP 7 V5.X toutes versions | ||
| Siemens | N/A | SIMATIC RF166C (6GT2002-0EE20) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | EN100 Ethernet module Modbus TCP variant toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V14 toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC Logon toutes versions | ||
| Siemens | N/A | SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SICAM GridEdge Essential Intel (6MD7881-2AA40) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | EN100 Ethernet module IEC 61850 variant versions antĆ©rieures Ć V4.37 | ||
| Siemens | N/A | SINEMA Server V14 toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions | ||
| Siemens | N/A | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions | ||
| Siemens | N/A | SIMATIC PCS neo toutes versions | ||
| Siemens | N/A | Teamcenter V13.1 versions antĆ©rieures Ć V13.1.0.9 | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) toutes versions | ||
| Siemens | N/A | TALON TC Modular (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antĆ©rieures Ć 3.0 SP2 | ||
| Siemens | N/A | RUGGEDCOM ROS Series toutes versions | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 S (6GF3550-0CD10) toutes versions | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V16 toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | SINAUT Software ST7sc toutes versions | ||
| Siemens | N/A | Teamcenter V14.0 toutes versions | ||
| Siemens | N/A | SINAUT ST7CC toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV560 X (6GF3560-0HE10) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TIA Portal V15 toutes versions | ||
| Siemens | N/A | TIA Portal V17 toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antĆ©rieures Ć V3.1 | ||
| Siemens | N/A | SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC RF186C (6GT2002-0JE20) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TIA Portal Cloud toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX Series toutes versions | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions | ||
| Siemens | N/A | TALON TC Compact (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions | ||
| Siemens | N/A | Spectrum Power 7 toutes versions using Shared HIS | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC MV540 H (6GF3540-0GE10) toutes versions | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SINEC INS toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF610R (6GT2811-6BC10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | Teamcenter V13.0 versions antĆ©rieures Ć V13.0.0.9 | ||
| Siemens | N/A | SIMATIC RF186CI (6GT2002-0JE50) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | Teamcenter Active Workspace V6.0 versions antĆ©rieures Ć V6.0.3 | ||
| Siemens | N/A | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF685R (6GT2811-6CA10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions | ||
| Siemens | N/A | SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC MV540 S (6GF3540-0CD10) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF615R (6GT2811-6CC10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | Industrial Edge - PROFINET IO Connector toutes versions | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 7 compatible) versions antĆ©rieures Ć 1.16.6 | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TeleControl Server Basic V3 toutes versions | ||
| Siemens | N/A | SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced toutes versions | ||
| Siemens | N/A | TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module PROFINET IO variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1626 (6GK1162-6AA01) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM CROSSBOW Station Access Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - OPC UA Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Xpedition Designer versions ant\u00e9rieures \u00e0 X.2.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller (incl. F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential ARM (6MD7881-2AA30) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF650R (6GT2811-6AB20) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 104 variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power MGMS toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF680R (6GT2811-6AA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 TeleControl toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 (6GK1162-8AA00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 4 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - SIMATIC S7 Connector App versions ant\u00e9rieures \u00e0 V1.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module DNP3 IP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5.X toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module Modbus TCP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential Intel (6MD7881-2AA40) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 61850 variant versions ant\u00e9rieures \u00e0 V4.37",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROS Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT Software ST7sc toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V14.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT ST7CC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 7 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF610R (6GT2811-6BC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V6.0 versions ant\u00e9rieures \u00e0 V6.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF685R (6GT2811-6CA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF615R (6GT2811-6CC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - PROFINET IO Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 1.16.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32285"
},
{
"name": "CVE-2022-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32286"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2021-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
},
{
"name": "CVE-2022-32258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32258"
},
{
"name": "CVE-2021-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2022-30231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30231"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2022-32254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32254"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-32145",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32145"
},
{
"name": "CVE-2022-32259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32259"
},
{
"name": "CVE-2022-32262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32262"
},
{
"name": "CVE-2017-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
},
{
"name": "CVE-2022-32255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32255"
},
{
"name": "CVE-2020-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-32252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32252"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-37182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37182"
},
{
"name": "CVE-2020-9272",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9272"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-26476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26476"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2022-30228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30228"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
},
{
"name": "CVE-2022-32251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32251"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2021-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
},
{
"name": "CVE-2022-30230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30230"
},
{
"name": "CVE-2020-9273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9273"
},
{
"name": "CVE-2022-30229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30229"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-29034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29034"
},
{
"name": "CVE-2022-30937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30937"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27219"
},
{
"name": "CVE-2022-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27221"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-31619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31619"
},
{
"name": "CVE-2022-32261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32261"
},
{
"name": "CVE-2022-32260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32260"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2022-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27220"
},
{
"name": "CVE-2022-31465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31465"
},
{
"name": "CVE-2017-9946",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2022-32253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32253"
},
{
"name": "CVE-2022-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32256"
},
{
"name": "CVE-2021-37209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-547",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148078 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-148078.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-220589 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-220589.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-988345 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-988345.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-484086 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330556 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-330556.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145224 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145224.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-685781 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-685781.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-693555 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693555.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-911567 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-911567.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-401167 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-401167.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712929 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-679335 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-679335.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388239 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-388239.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-631336 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-631336.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740594 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-740594.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-222547 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222547.html"
}
]
}
CERTFR-2023-AVI-0051
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper. Certaines d'entre elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur, une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | NorthStar Controller versions antĆ©rieures Ć 6.2.3 | ||
| Juniper Networks | N/A | Contrail Cloud versions antĆ©rieures Ć 13.7.0 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antĆ©rieures Ć 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO | ||
| Juniper Networks | N/A | Juniper Networks Contrail Service Orchestration (CSO) versions antĆ©rieures Ć 6.3.0 | ||
| Juniper Networks | Junos OS | Junos OS versions antĆ©rieures Ć 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1 | ||
| Juniper Networks | Junos Space | Junos Space versions antĆ©rieures Ć 22.3R1 | ||
| Juniper Networks | N/A | Cloud Native Contrail Networking versions antĆ©rieures Ć R22.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NorthStar Controller versions ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Contrail Cloud versions ant\u00e9rieures \u00e0 13.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.3R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Cloud Native Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-22403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22403"
},
{
"name": "CVE-2020-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2023-22393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22393"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2023-22407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-22394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22394"
},
{
"name": "CVE-2020-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-22404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22404"
},
{
"name": "CVE-2020-14562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14562"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2023-22405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22405"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2023-22409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22409"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2023-22416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22416"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2018-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8046"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2023-22402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22402"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2023-22400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22400"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2020-0549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2023-22397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22397"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2020-8698",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2023-22399",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22399"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2023-22398",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22398"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2023-22401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22401"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2023-22396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22396"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2020-24489",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
},
{
"name": "CVE-2023-22417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22417"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2020-14573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14573"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2020-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2020-35498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35498"
},
{
"name": "CVE-2023-22406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22406"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2023-22391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22391"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-22412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22412"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-22415",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22415"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2007-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2285"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2023-22410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22410"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2023-22408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22408"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-21549",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21549"
},
{
"name": "CVE-2020-14871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-3504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3504"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2023-22414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22414"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-22411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22411"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2022-21277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21277"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2019-11287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11287"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2020-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2020-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2023-22413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22413"
},
{
"name": "CVE-2023-22395",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22395"
},
{
"name": "CVE-2021-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35940"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70195 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10K-Series-PFE-crash-upon-receipt-of-specific-genuine-packets-when-sFlow-is-enabled-CVE-2023-22399?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70183 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-13-7-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70203 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-RPD-crash-can-happen-due-to-an-MPLS-TE-tunnel-configuration-change-on-a-directly-connected-router-CVE-2023-22407?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70192 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70213 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-A-memory-leak-might-be-observed-in-IPsec-VPN-scenario-leading-to-an-FPC-crash-CVE-2023-22417?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70193 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-PTX10003-An-attacker-sending-specific-genuine-packets-will-cause-a-memory-leak-in-the-PFE-leading-to-a-Denial-of-Service-CVE-2023-22397?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70181 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-might-crash-when-MPLS-ping-is-performed-on-BGP-LSPs-CVE-2023-22398?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70186 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70179 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Northstar-Controller-Pivotal-RabbitMQ-contains-a-web-management-plugin-that-is-vulnerable-to-a-Denial-of-Service-DoS-attack-CVE-2019-11287?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70208 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flowd-daemon-will-crash-if-the-SIP-ALG-is-enabled-and-specific-SIP-messages-are-processed-CVE-2023-22412?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70201 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70209 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70187 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-ACX2K-Series-Receipt-of-a-high-rate-of-specific-traffic-will-lead-to-a-Denial-of-Service-DoS-CVE-2023-22391?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70199 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10k-Series-ICCP-flap-will-be-observed-due-to-excessive-specific-traffic-CVE-2023-22403?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70180 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70198 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70196 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70197 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70202 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-memory-leak-which-will-ultimately-lead-to-an-rpd-crash-will-be-observed-when-a-peer-interface-flaps-continuously-in-a-Segment-Routing-scenario-CVE-2023-22406?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70190 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Memory-leak-due-to-receipt-of-specially-crafted-SIP-calls-CVE-2023-22394?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70191 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-In-an-MPLS-scenario-the-processing-of-specific-packets-to-the-device-causes-a-buffer-leak-and-ultimately-a-loss-of-connectivity-CVE-2023-22395?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70204 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Upon-processing-of-a-specific-SIP-packet-an-FPC-can-crash-CVE-2023-22408?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70200 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-When-IPsec-VPN-is-configured-iked-will-core-when-a-specifically-formatted-payload-is-received-CVE-2023-22404?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70212 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-if-SIP-ALG-is-enabled-and-a-malicious-SIP-packet-is-received-CVE-2023-22416?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70185 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70211 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flow-processing-daemon-flowd-will-crash-when-a-specific-H-323-packet-is-received-CVE-2023-22415?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70210 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70206 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-When-Suspicious-Control-Flow-Detection-scfd-is-enabled-and-an-attacker-is-sending-specific-traffic-this-causes-a-memory-leak-CVE-2023-22410?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70205 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-SPC3-When-an-inconsistent-NAT-configuration-exists-and-a-specific-CLI-command-is-issued-the-SPC-will-reboot-CVE-2023-22409?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70182 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70189 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70207 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-when-Unified-Policies-are-used-with-IPv6-and-certain-dynamic-applications-are-rejected-by-the-device-CVE-2023-22411?language=en_US"
}
]
}
CERTFR-2022-AVI-767
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits IBM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.x antĆ©rieures Ć 7.3.3 Fix Pack 12 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antĆ©rieures Ć 7.5.0 Update Pack 2 | ||
| IBM | Spectrum | IBM Spectrum Discover versions antĆ©rieures Ć 2.0.4.7 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x antĆ©rieures Ć 7.4.3 Fix Pack 6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Discover versions ant\u00e9rieures \u00e0 2.0.4.7",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2021-20180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20180"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2020-25658",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25658"
},
{
"name": "CVE-2020-15084",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15084"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2021-3677",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3677"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-24773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24773"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2020-14330",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14330"
},
{
"name": "CVE-2021-42581",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42581"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2021-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43859"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-41496",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41496"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-46462",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46462"
},
{
"name": "CVE-2021-22060",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22060"
},
{
"name": "CVE-2021-23386",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23386"
},
{
"name": "CVE-2022-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0718"
},
{
"name": "CVE-2019-18874",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18874"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-1214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1214"
},
{
"name": "CVE-2022-24772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24772"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-34429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34429"
},
{
"name": "CVE-2022-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
},
{
"name": "CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-24771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24771"
},
{
"name": "CVE-2021-44907",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2021-46461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46461"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2020-13757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13757"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3533"
},
{
"name": "CVE-2021-46463",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46463"
},
{
"name": "CVE-2017-16137",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16137"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
},
{
"name": "CVE-2020-28463",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28463"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-767",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614909 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614909"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6614725 du 23 ao\u00fbt 2022",
"url": "https://www.ibm.com/support/pages/node/6614725"
}
]
}
CERTFR-2022-AVI-611
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM QRadar. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et une Ć©lĆ©vation de privilĆØges.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.4.x antĆ©rieures Ć 7.4.3 Patch 5 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.5.x antĆ©rieures Ć 7.5.0 Update Package 2 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.3.x antĆ©rieures Ć 7.3.3 Patch 11 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar Network Packet Capture versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Patch 5",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Package 2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Patch 11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-611",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6601293 du 05 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6601293"
}
]
}
CERTFR-2023-AVI-0310
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper. Certaines d'entre elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur, une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Juniper Secure Analytics (JSA) avec Networks Security Threat Response Manager (STRM) versions antĆ©rieures Ć 7.5.0UP4 | ||
| N/A | N/A | JunosOS versions antĆ©rieures Ć 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S4, 19.2R3-S1, 19.2R3-S7, 19.3R3-S1, 19.3R3-S7, 19.3R3-S8, 19.4R3, 19.4R3-S10, 19.4R3-S11, 19.4R3-S12, 19.4R3-S9, 20.1R2, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1-S1, 20.3R2, 20.3R3-S2, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 20.4R3-S6, 20.4R3-S7, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S2, 21.2R3-S3, 21.2R3-S4, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R1, 21.4R2, 21.4R2-S1, 21.4R3, 21.4R3-S1, 21.4R3-S2, 21.4R3-S3, 22.1R1, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S2, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, 22.4R1-S1, 22.4R2 et 23.1R1 | ||
| N/A | N/A | JunosOS Evolved versions antĆ©rieures Ć 20.1R3-EVO, 20.2R2-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R3-S5-EVO, 20.4R3-S6-EVO, 20.4R3-S7-EVO, 21.1R3-S4-EVO, 21.2R3-EVO, 21.2R3-S4-EVO, 21.2R3-S5-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 21.4R3-S1-EVO, 22.1R1-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R2-EVO et 22.3R1-EVO | ||
| N/A | N/A | Paragon Active Assurance versions antĆ©rieures Ć 4.1.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics (JSA) avec Networks Security Threat Response Manager (STRM) versions ant\u00e9rieures \u00e0 7.5.0UP4",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JunosOS versions ant\u00e9rieures \u00e0 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R3-S6, 19.1R3-S4, 19.2R3-S1, 19.2R3-S7, 19.3R3-S1, 19.3R3-S7, 19.3R3-S8, 19.4R3, 19.4R3-S10, 19.4R3-S11, 19.4R3-S12, 19.4R3-S9, 20.1R2, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1-S1, 20.3R2, 20.3R3-S2, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 20.4R3-S6, 20.4R3-S7, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S2, 21.2R3-S3, 21.2R3-S4, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R1, 21.4R2, 21.4R2-S1, 21.4R3, 21.4R3-S1, 21.4R3-S2, 21.4R3-S3, 22.1R1, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S2, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R1-S2, 22.3R2, 22.4R1, 22.4R1-S1, 22.4R2 et 23.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "JunosOS Evolved versions ant\u00e9rieures \u00e0 20.1R3-EVO, 20.2R2-EVO, 20.3R2-EVO, 20.4R1-EVO, 20.4R3-S5-EVO, 20.4R3-S6-EVO, 20.4R3-S7-EVO, 21.1R3-S4-EVO, 21.2R3-EVO, 21.2R3-S4-EVO, 21.2R3-S5-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 21.4R3-S1-EVO, 22.1R1-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R2-EVO et 22.3R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 4.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-28973",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28973"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2023-28970",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28970"
},
{
"name": "CVE-2023-28967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28967"
},
{
"name": "CVE-2023-28983",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28983"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-28979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28979"
},
{
"name": "CVE-2023-28974",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28974"
},
{
"name": "CVE-2023-28959",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28959"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-28962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28962"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-28975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28975"
},
{
"name": "CVE-2023-28971",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28971"
},
{
"name": "CVE-2023-28968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28968"
},
{
"name": "CVE-2023-28961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28961"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2023-28981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28981"
},
{
"name": "CVE-2023-28982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28982"
},
{
"name": "CVE-2022-42889",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
},
{
"name": "CVE-2023-1697",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1697"
},
{
"name": "CVE-2023-28980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28980"
},
{
"name": "CVE-2023-28966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28966"
},
{
"name": "CVE-2023-28976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28976"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-28963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28963"
},
{
"name": "CVE-2023-28978",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28978"
},
{
"name": "CVE-2023-28964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28964"
},
{
"name": "CVE-2023-28960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28960"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2023-28984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28984"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2023-28972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28972"
},
{
"name": "CVE-2023-28965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28965"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0310",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-13T00:00:00.000000"
},
{
"description": "Retrait d\u0027identifiants CVE en double.",
"revision_date": "2023-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70591 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-attacker-sending-genuine-BGP-packets-causes-an-RPD-crash-CVE-2023-28967"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70601 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-MX-Series-If-a-specific-traffic-rate-goes-above-the-DDoS-threshold-it-will-lead-to-an-FPC-crash-CVE-2023-28976"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70587 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70594 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-JRR200-Kernel-crash-upon-receipt-of-a-specific-packet-CVE-2023-28970"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70607 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-If-malformed-IPv6-router-advertisements-are-received-memory-corruption-will-occur-which-causes-an-rpd-crash-CVE-2023-28981"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70586 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-ACX-Series-IPv6-firewall-filter-is-not-installed-in-PFE-when-from-next-header-ah-is-used-CVE-2023-28961"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70609 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Shell-Injection-vulnerability-in-the-gNOI-server-CVE-2023-28983"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70599 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-MX-Series-In-a-BBE-scenario-upon-receipt-of-specific-malformed-packets-from-subscribers-the-process-bbe-smgd-will-crash-CVE-2023-28974"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70596 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-NFX-Series-set-system-ports-console-insecure-allows-root-password-recovery-CVE-2023-28972"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70585 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Docker-repository-is-world-writeable-allowing-low-privileged-local-user-to-inject-files-into-Docker-containers-CVE-2023-28960"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70592 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-SRX-Series-Policies-that-rely-on-JDPI-Decoder-actions-may-fail-open-CVE-2023-28968"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70600 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-The-kernel-will-crash-when-certain-USB-devices-are-inserted-CVE-2023-28975"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70604 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-In-a-6PE-scenario-upon-receipt-of-a-specific-IPv6-packet-an-integrity-check-fails-CVE-2023-28979"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70603 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Read-access-to-some-confidential-user-information-is-possible-CVE-2023-28978"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70610 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX-Series-The-PFE-may-crash-when-a-lot-of-MAC-addresses-are-being-learned-and-aged-CVE-2023-28984"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70606 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-rib-sharding-scenario-an-rpd-crash-will-happen-shortly-after-a-specific-CLI-command-is-issued-CVE-2023-28980"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70589 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX10002-Failure-of-storm-control-feature-may-lead-to-Denial-of-Service-CVE-2023-28965"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70584 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX10002-PFE-wedges-and-restarts-upon-receipt-of-specific-malformed-packets-CVE-2023-28959"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70605 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-expat-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70608 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-rib-sharding-scenario-when-a-route-is-frequently-updated-an-rpd-memory-leak-will-occur-CVE-2023-28982"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70595 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Paragon-Active-Assurance-Enabling-the-timescaledb-enables-IP-forwarding-CVE-2023-28971"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70613 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-JSA-Series-Apache-Commons-Text-prior-to-1-10-0-allows-RCE-when-applied-to-untrusted-input-due-to-insecure-interpolation-defaults-CVE-2022-42889"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70590 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-Local-low-privileged-user-with-shell-access-can-execute-CLI-commands-as-root-CVE-2023-28966"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70612 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-QFX10000-Series-PTX1000-Series-The-dcpfe-process-will-crash-when-a-malformed-ethernet-frame-is-received-CVE-2023-1697"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70597 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-Evolved-The-sysmanctl-shell-command-allows-a-local-user-to-gain-access-to-some-administrative-actions-CVE-2023-28973"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70588 du 12 avril 2023",
"url": "https://supportportal.juniper.net/s/article/2023-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-flowspec-update-causes-RPD-crash-CVE-2023-28964"
}
]
}
CERTFR-2023-AVI-0368
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans Tenable Nessus Network Monitor. Elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Tenable Nessus Network Monitor versions antĆ©rieures Ć 6.2.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0368",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nNetwork Monitor. Elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-19 du 09 mai 2023",
"url": "https://www.tenable.com/security/tns-2023-19"
}
]
}
CERTFR-2022-AVI-663
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM QRadar. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire, un dĆ©ni de service et une atteinte Ć la confidentialitĆ© des donnĆ©es.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar versions 5.4.0.x versions ant\u00e9rieures \u00e0 5.4.0.16",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar versions 5.5.0.x versions ant\u00e9rieures \u00e0 5.5.0.11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2019-18197",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18197"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-663",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6605299 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6605299"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6441625 du 19 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6441625"
}
]
}
CERTFR-2022-AVI-611
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM QRadar. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et une Ć©lĆ©vation de privilĆØges.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.4.x antĆ©rieures Ć 7.4.3 Patch 5 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.5.x antĆ©rieures Ć 7.5.0 Update Package 2 | ||
| IBM | QRadar | IBM QRadar Network Packet Capture versions 7.3.x antĆ©rieures Ć 7.3.3 Patch 11 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar Network Packet Capture versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Patch 5",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Package 2",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar Network Packet Capture versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Patch 11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-611",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6601293 du 05 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6601293"
}
]
}
CERTFR-2023-AVI-1015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Siemens. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et une Ć©lĆ©vation de privilĆØges.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SINAMICS S210 (6SL5...) versions supĆ©rieures ou Ć©gales Ć V6.1 versions antĆ©rieures Ć V6.1 HF2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0) toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 230RCEo (6ED1052-2FB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | LOGO! 230RCE (6ED1052-1FB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | LOGO! 12/24RCE (6ED1052-1MD08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | Opcenter Quality toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0) toutes versions | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 24CE (6ED1052-1CC08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 24CEo (6ED1052-2CC08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SINEC INS versions antĆ©rieures Ć V1.0 SP2 Update 2 | ||
| Siemens | N/A | SIMATIC PC-Station Plus toutes versions | ||
| Siemens | N/A | SINAMICS S210 (6SL5...) versions supĆ©rieures Ć V6.1 et antĆ©rieure Ć V6.1 HF2 | ||
| Siemens | N/A | SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC PCS neo versions antĆ©rieures Ć V4.1 | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions | ||
| Siemens | N/A | SINUMERIK ONE toutes versions | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions | ||
| Siemens | N/A | SINUMERIK MC toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions antĆ©rieures Ć V2.60 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SINAMICS S120 (incl. SIPLUS variants) versions antĆ©rieures Ć V5.2 SP3 HF15 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) versions V14 Ć V18 antĆ©rieures Ć V18 Update 3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions antĆ©rieures Ć V2.60 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | LOGO! 24RCE (6ED1052-1HB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) versions antĆ©rieures Ć V19 | ||
| Siemens | N/A | LOGO! 24RCEo (6ED1052-2HB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SINUMERIK Integrate RunMyHMI /Automotive toutes versions | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antĆ©rieures Ć V6.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE S615 EEC (6GK5615-0AA01-2AA2) toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC CP 1243-1 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S210 (6SL5...) versions sup\u00e9rieures ou \u00e9gales \u00e0V6.1 versions ant\u00e9rieures \u00e0 V6.1 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 230RCEo (6ED1052-2FB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 230RCE (6ED1052-1FB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 12/24RCE (6ED1052-1MD08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Opcenter Quality toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24CE (6ED1052-1CC08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24CEo (6ED1052-2CC08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS versions ant\u00e9rieures \u00e0 V1.0 SP2 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PC-Station Plus toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S210 (6SL5...) versions sup\u00e9rieures \u00e0 V6.1 et ant\u00e9rieure \u00e0 V6.1 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK ONE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK MC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions ant\u00e9rieures \u00e0 V2.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V5.2 SP3 HF15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) versions V14 \u00e0 V18 ant\u00e9rieures \u00e0 V18 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions ant\u00e9rieures \u00e0 V2.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24RCE (6ED1052-1HB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) versions ant\u00e9rieures \u00e0 V19",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24RCEo (6ED1052-2HB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Integrate RunMyHMI /Automotive toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 EEC (6GK5615-0AA01-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-0663",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0663"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2019-6111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5443"
},
{
"name": "CVE-2019-6109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3859"
},
{
"name": "CVE-2019-3861",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3861"
},
{
"name": "CVE-2019-3860",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3860"
},
{
"name": "CVE-2019-3858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3858"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-13565",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
},
{
"name": "CVE-2019-13057",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13057"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2019-19926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
},
{
"name": "CVE-2019-19925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
},
{
"name": "CVE-2019-19880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
},
{
"name": "CVE-2019-19923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
},
{
"name": "CVE-2019-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5018"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2019-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2020-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
},
{
"name": "CVE-2020-36224",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
},
{
"name": "CVE-2020-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
},
{
"name": "CVE-2020-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
},
{
"name": "CVE-2020-36225",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
},
{
"name": "CVE-2020-36228",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
},
{
"name": "CVE-2020-36223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
},
{
"name": "CVE-2020-36229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
},
{
"name": "CVE-2020-36226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
},
{
"name": "CVE-2020-36230",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2021-28363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2019-17543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2020-12723",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
},
{
"name": "CVE-2021-20305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2020-24977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2020-29362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29362"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2020-29363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29363"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2020-25692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
},
{
"name": "CVE-2016-10228",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
},
{
"name": "CVE-2020-29361",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29361"
},
{
"name": "CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"name": "CVE-2020-8315",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8315"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2019-6110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2019-16905",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2019-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5436"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2019-19603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2019-19317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
},
{
"name": "CVE-2019-19924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2019-19242",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
},
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2019-19244",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2019-17594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17594"
},
{
"name": "CVE-2019-17595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17595"
},
{
"name": "CVE-2021-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20231"
},
{
"name": "CVE-2021-36085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36085"
},
{
"name": "CVE-2021-36084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36084"
},
{
"name": "CVE-2021-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20232"
},
{
"name": "CVE-2021-36086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36086"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2021-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36087"
},
{
"name": "CVE-2021-33560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
},
{
"name": "CVE-2021-28153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28153"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-29155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29155"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2021-4122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4122"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-2274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2020-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25710"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2020-15523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15523"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-35260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-25136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25136"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2018-12886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12886"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2023-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2022-30115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2023-31238",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31238"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2023-30901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30901"
},
{
"name": "CVE-2021-3998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3998"
},
{
"name": "CVE-2019-20218",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20218"
},
{
"name": "CVE-2020-35527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35527"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2019-19959",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19959"
},
{
"name": "CVE-2020-35525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35525"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2021-31239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31239"
},
{
"name": "CVE-2016-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3709"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-34319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34319"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2023-28831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28831"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-31085",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31085"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-44321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
},
{
"name": "CVE-2023-44374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
},
{
"name": "CVE-2023-44320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
},
{
"name": "CVE-2023-44319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
},
{
"name": "CVE-2023-44317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
},
{
"name": "CVE-2023-44318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2023-44322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44322"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2020-19186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
},
{
"name": "CVE-2020-19190",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
},
{
"name": "CVE-2020-19185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2020-19187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
},
{
"name": "CVE-2020-19188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2019-11360",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11360"
},
{
"name": "CVE-2019-13627",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13627"
},
{
"name": "CVE-2019-7309",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7309"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2019-1010024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010024"
},
{
"name": "CVE-2022-47375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47375"
},
{
"name": "CVE-2019-19126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19126"
},
{
"name": "CVE-2023-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46283"
},
{
"name": "CVE-2023-46282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46282"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2014-7209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7209"
},
{
"name": "CVE-2023-48431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48431"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2017-17512",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17512"
},
{
"name": "CVE-2020-1712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1712"
},
{
"name": "CVE-2023-48430",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48430"
},
{
"name": "CVE-2019-6488",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6488"
},
{
"name": "CVE-2023-39128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39128"
},
{
"name": "CVE-2018-20482",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20482"
},
{
"name": "CVE-2021-27212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27212"
},
{
"name": "CVE-2019-5481",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5481"
},
{
"name": "CVE-2021-43396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43396"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2019-20795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20795"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2020-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21913"
},
{
"name": "CVE-2019-12904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12904"
},
{
"name": "CVE-2021-28041",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28041"
},
{
"name": "CVE-2022-42784",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42784"
},
{
"name": "CVE-2023-48427",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48427"
},
{
"name": "CVE-2020-24659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24659"
},
{
"name": "CVE-2023-48429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48429"
},
{
"name": "CVE-2020-12062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12062"
},
{
"name": "CVE-2019-1010023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010023"
},
{
"name": "CVE-2023-49692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
},
{
"name": "CVE-2016-10739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10739"
},
{
"name": "CVE-2019-1010180",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010180"
},
{
"name": "CVE-2023-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46285"
},
{
"name": "CVE-2023-46156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46156"
},
{
"name": "CVE-2019-5435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5435"
},
{
"name": "CVE-2019-15847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15847"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2019-20367",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20367"
},
{
"name": "CVE-2023-46284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46284"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2019-1010022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010022"
},
{
"name": "CVE-2020-6096",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6096"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-48428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48428"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2019-17498",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17498"
},
{
"name": "CVE-2023-49691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
},
{
"name": "CVE-2023-25139",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25139"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2020-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1751"
},
{
"name": "CVE-2019-1010025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010025"
},
{
"name": "CVE-2019-12290",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12290"
},
{
"name": "CVE-2019-18224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18224"
},
{
"name": "CVE-2018-18928",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18928"
},
{
"name": "CVE-2022-27943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27943"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2020-21047",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21047"
},
{
"name": "CVE-2021-46195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46195"
},
{
"name": "CVE-2023-38380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38380"
},
{
"name": "CVE-2023-28531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28531"
},
{
"name": "CVE-2020-11501",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11501"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2022-47374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47374"
},
{
"name": "CVE-2023-46281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46281"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2020-15801",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15801"
},
{
"name": "CVE-2022-46141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46141"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2020-13529",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13529"
},
{
"name": "CVE-2023-27371",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27371"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2021-20193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2019-9923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9923"
},
{
"name": "CVE-2020-13777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13777"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2020-14422",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14422"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2021-4209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4209"
},
{
"name": "CVE-2018-19591",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19591"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-844582 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-180704 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-480095.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-077170 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-480095 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-118850 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-118850.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-068047 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-077170.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-892915 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-280603.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-999588 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-280603 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693975.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-693975 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-892915.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-887801 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-887801.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-592380 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-844582.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-398330 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-592380.html"
}
]
}
CERTFR-2022-AVI-187
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dansĀ le serveur HTTP d'IBM WebSphere. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM HTTP Server versions 9.0.0.0 Ć 9.0.5.10 sans le correctif de sĆ©curitĆ© temporaire PH43122, la version 9.0.5.11 devrait ĆŖtre disponible au premier trimestre 2022 | ||
| IBM | WebSphere | IBM HTTP Server versions 8.5.0.0 Ć 8.5.5.21 sans le correctif de sĆ©curitĆ© temporaire PH43122, la version 8.5.5.22 devrait ĆŖtre disponible au troisiĆØme trimestre 2022 | ||
| IBM | WebSphere | IBM HTTP Server versions 8.0.0.0 Ć 8.0.0.15 sans le correctif de sĆ©curitĆ© temporaire PH43122 | ||
| IBM | WebSphere | IBM HTTP Server versions 7.0.0.0 Ć 7.0.0.45 sans le correctif de sĆ©curitĆ© temporaire PH43122 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM HTTP Server versions 9.0.0.0 \u00e0 9.0.5.10 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122, la version 9.0.5.11 devrait \u00eatre disponible au premier trimestre 2022",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 8.5.0.0 \u00e0 8.5.5.21 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122, la version 8.5.5.22 devrait \u00eatre disponible au troisi\u00e8me trimestre 2022",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 8.0.0.0 \u00e0 8.0.0.15 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 7.0.0.0 \u00e0 7.0.0.45 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-187",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u00a0le serveur HTTP\nd\u0027IBM WebSphere. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le serveur HTTP d\u0027IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6559296 du 24 f\u00e9vrier 2022",
"url": "https://www.ibm.com/support/pages/node/6559296"
}
]
}
CERTFR-2022-AVI-683
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM QRadar SIEM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et une atteinte Ć l'intĆ©gritĆ© des donnĆ©es.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.x antĆ©rieures Ć 7.3.3 Fix Pack 12 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.5.x antĆ©rieures Ć 7.5.0 Update Pack 2 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.x antĆ©rieures Ć 7.4.3 Fix Pack 6 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 Fix Pack 12",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 Update Pack 2",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.x ant\u00e9rieures \u00e0 7.4.3 Fix Pack 6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-0261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0261"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2017-9801",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9801"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23177"
},
{
"name": "CVE-2021-39088",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39088"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2018-1294",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1294"
},
{
"name": "CVE-2022-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0392"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2021-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31566"
},
{
"name": "CVE-2022-0359",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0359"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0361"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-683",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607135 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607135"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607133 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607133"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607137 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607137"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6607129 du 26 juillet 2022",
"url": "https://www.ibm.com/support/pages/node/6607129"
}
]
}
CERTFR-2023-AVI-0368
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans Tenable Nessus Network Monitor. Elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Tenable Nessus Network Monitor versions antĆ©rieures Ć 6.2.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.2.1",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
},
{
"name": "CVE-2023-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-4203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
},
{
"name": "CVE-2023-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0368",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nNetwork Monitor. Elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2023-19 du 09 mai 2023",
"url": "https://www.tenable.com/security/tns-2023-19"
}
]
}
CERTFR-2024-AVI-0575
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper Networks. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, une Ć©lĆ©vation de privilĆØges et un dĆ©ni de service Ć distance.
Solutions
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.2-EVO antĆ©rieures Ć 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.3-EVO antĆ©rieures Ć 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.4-EVO antĆ©rieures Ć 22.4R3-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.2-EVO antĆ©rieures Ć 23.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antĆ©rieures Ć 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.2 antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antĆ©rieures Ć 22.3R2-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antĆ©rieures Ć 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antĆ©rieures Ć 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.2-EVO antĆ©rieures Ć 21.2R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.3-EVO antĆ©rieures Ć 21.3R3-S5-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antĆ©rieures Ć 21.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antĆ©rieures Ć 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.1-EVO antĆ©rieures Ć 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antĆ©rieures Ć 22.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antĆ©rieures Ć 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antĆ©rieures Ć 22.3R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antĆ©rieures Ć 22.3R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antĆ©rieures Ć 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antĆ©rieures Ć 22.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antĆ©rieures Ć 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antĆ©rieures Ć 22.4R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antĆ©rieures Ć 23.2R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antĆ©rieures Ć 23.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antĆ©rieures Ć 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antĆ©rieures Ć 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antĆ©rieures Ć 24.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 20.4R3-S10-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 22.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć 23.2R1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antĆ©rieures Ć before 22.1R3-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.1 antĆ©rieures Ć 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.2 antĆ©rieures Ć 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.3 antĆ©rieures Ć 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions antĆ©rieures Ć 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.1 antĆ©rieures Ć 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.2 antĆ©rieures Ć 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.3 antĆ©rieures Ć 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.4 antĆ©rieures Ć 22.4R3-S1 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.4 antĆ©rieures Ć 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antĆ©rieures Ć 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antĆ©rieures Ć 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antĆ©rieures Ć 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions antĆ©rieures Ć 21.2R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antĆ©rieures Ć 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antĆ©rieures Ć 22.1R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antĆ©rieures Ć 22.2R3-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antĆ©rieures Ć 22.3R2-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antĆ©rieures Ć 22.3R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antĆ©rieures Ć 22.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antĆ©rieures Ć 22.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 21.4 antĆ©rieures Ć 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.1 antĆ©rieures Ć 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.2 antĆ©rieures Ć 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.3 antĆ©rieures Ć 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.4 antĆ©rieures Ć 22.4R3-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antĆ©rieures Ć 23.4R1-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antĆ©rieures Ć 23.4R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 21.3 antĆ©rieures Ć 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antĆ©rieures Ć 21.4R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.1 antĆ©rieures Ć 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antĆ©rieures Ć 22.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antĆ©rieures Ć 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antĆ©rieures Ć 22.3R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antĆ©rieures Ć 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antĆ©rieures Ć 22.4R2-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antĆ©rieures Ć 22.4R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 23.1 antĆ©rieures Ć 23.1R2 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antĆ©rieures Ć 23.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antĆ©rieures Ć 23.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antĆ©rieures Ć 23.4R2 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 20.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 21.4R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions antĆ©rieures Ć 22.1R2-S2 | ||
| Juniper Networks | N/A | Junos Space versions antĆ©rieures Ć 24.1R1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antĆ©rieures Ć 20.4R3-S10 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antĆ©rieures Ć 21.2R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antĆ©rieures Ć 21.3R3-S5 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antĆ©rieures Ć 21.4R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antĆ©rieures Ć 22.1R3-S4 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antĆ©rieures Ć 22.2R3-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antĆ©rieures Ć 22.3R3-S1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antĆ©rieures Ć 22.4R3 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antĆ©rieures Ć 23.2R2 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.1 antĆ©rieures Ć SSR-6.1.8-lts | ||
| Juniper Networks | N/A | Session Smart Router versions 6.2 antĆ©rieures Ć SSR-6.2.5-r2 | ||
| Juniper Networks | N/A | Session Smart Router versions antĆ©rieures Ć SSR-5.6.14 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.1-EVO antĆ©rieures Ć 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antĆ©rieures Ć 21.4R3-S7-EVO |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"name": "CVE-2023-32435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-39554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"name": "CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2024-39558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"name": "CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-39552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2024-39546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
},
{
"name": "CVE-2024-39540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"name": "CVE-2018-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
},
{
"name": "CVE-2024-39543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
},
{
"name": "CVE-2023-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
},
{
"name": "CVE-2024-39529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2022-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-10747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-39536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"name": "CVE-2024-39555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2020-13938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2016-1000232",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2024-39561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2020-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-39535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
},
{
"name": "CVE-2024-39545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"name": "CVE-2024-39531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"name": "CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"name": "CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2024-39530",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"name": "CVE-2024-39532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2024-39557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2024-39550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"name": "CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2014-10064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
},
{
"name": "CVE-2024-39511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2024-39548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
},
{
"name": "CVE-2020-11993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
},
{
"name": "CVE-2023-22652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
},
{
"name": "CVE-2024-39528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-39559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
},
{
"name": "CVE-2014-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2020-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-39519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
},
{
"name": "CVE-2020-7754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
},
{
"name": "CVE-2024-39533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-26690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2024-39513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2024-39518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"name": "CVE-2023-37450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
},
{
"name": "CVE-2021-30641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2018-20834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"name": "CVE-2024-39541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2024-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2019-17567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
},
{
"name": "CVE-2018-7408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-39551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-39565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
},
{
"name": "CVE-2021-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2024-39549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"name": "CVE-2021-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2020-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
},
{
"name": "CVE-2020-28502",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
},
{
"name": "CVE-2024-39556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2023-32439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2022-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
},
{
"name": "CVE-2024-39542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"name": "CVE-2024-39538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
},
{
"name": "CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
}
]
}
CERTFR-2022-AVI-201
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans IBM WebSphere. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 9.0.x.x antĆ©rieures Ć 9.0.5.11 | ||
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 7.0.0.x antĆ©rieures Ć 7.0.0.45 sans le correctif PH43122 | ||
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 8.0.0.x antĆ©rieures Ć 8.0.0.15 sans le correctif PH43122 | ||
| IBM | WebSphere | IBM HTTP Server utilisĆ© par IBM WebSphere Application Server versions 8.5.x.x antĆ©rieures Ć 8.5.5.22 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 9.0.x.x ant\u00e9rieures \u00e0 9.0.5.11",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 7.0.0.x ant\u00e9rieures \u00e0 7.0.0.45 sans le correctif PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 8.0.0.x ant\u00e9rieures \u00e0 8.0.0.15 sans le correctif PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server utilis\u00e9 par IBM WebSphere Application Server versions 8.5.x.x ant\u00e9rieures \u00e0 8.5.5.22",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-201",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM WebSphere.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6559296 du 02 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6559296"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6560814 du 02 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6560814"
}
]
}
CERTFR-2023-AVI-0051
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper. Certaines d'entre elles permettent Ć un attaquant de provoquer un problĆØme de sĆ©curitĆ© non spĆ©cifiĆ© par l'Ć©diteur, une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | NorthStar Controller versions antĆ©rieures Ć 6.2.3 | ||
| Juniper Networks | N/A | Contrail Cloud versions antĆ©rieures Ć 13.7.0 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antĆ©rieures Ć 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO | ||
| Juniper Networks | N/A | Juniper Networks Contrail Service Orchestration (CSO) versions antĆ©rieures Ć 6.3.0 | ||
| Juniper Networks | Junos OS | Junos OS versions antĆ©rieures Ć 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1 | ||
| Juniper Networks | Junos Space | Junos Space versions antĆ©rieures Ć 22.3R1 | ||
| Juniper Networks | N/A | Cloud Native Contrail Networking versions antĆ©rieures Ć R22.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NorthStar Controller versions ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Contrail Cloud versions ant\u00e9rieures \u00e0 13.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.3R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Cloud Native Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-22403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22403"
},
{
"name": "CVE-2020-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2023-22393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22393"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2023-22407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-22394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22394"
},
{
"name": "CVE-2020-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-22404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22404"
},
{
"name": "CVE-2020-14562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14562"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2023-22405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22405"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2023-22409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22409"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2023-22416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22416"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2018-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8046"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2023-22402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22402"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2023-22400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22400"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2020-0549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2023-22397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22397"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2020-8698",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2023-22399",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22399"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2023-22398",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22398"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2023-22401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22401"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2023-22396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22396"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2020-24489",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
},
{
"name": "CVE-2023-22417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22417"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2020-14573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14573"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2020-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2020-35498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35498"
},
{
"name": "CVE-2023-22406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22406"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2023-22391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22391"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-22412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22412"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-22415",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22415"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2007-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2285"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2023-22410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22410"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2023-22408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22408"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-21549",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21549"
},
{
"name": "CVE-2020-14871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-3504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3504"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2023-22414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22414"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-22411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22411"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2022-21277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21277"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2019-11287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11287"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2020-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2020-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2023-22413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22413"
},
{
"name": "CVE-2023-22395",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22395"
},
{
"name": "CVE-2021-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35940"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70195 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10K-Series-PFE-crash-upon-receipt-of-specific-genuine-packets-when-sFlow-is-enabled-CVE-2023-22399?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70183 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-13-7-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70203 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-RPD-crash-can-happen-due-to-an-MPLS-TE-tunnel-configuration-change-on-a-directly-connected-router-CVE-2023-22407?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70192 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70213 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-A-memory-leak-might-be-observed-in-IPsec-VPN-scenario-leading-to-an-FPC-crash-CVE-2023-22417?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70193 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-PTX10003-An-attacker-sending-specific-genuine-packets-will-cause-a-memory-leak-in-the-PFE-leading-to-a-Denial-of-Service-CVE-2023-22397?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70181 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-might-crash-when-MPLS-ping-is-performed-on-BGP-LSPs-CVE-2023-22398?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70186 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70179 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Northstar-Controller-Pivotal-RabbitMQ-contains-a-web-management-plugin-that-is-vulnerable-to-a-Denial-of-Service-DoS-attack-CVE-2019-11287?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70208 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flowd-daemon-will-crash-if-the-SIP-ALG-is-enabled-and-specific-SIP-messages-are-processed-CVE-2023-22412?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70201 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70209 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70187 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-ACX2K-Series-Receipt-of-a-high-rate-of-specific-traffic-will-lead-to-a-Denial-of-Service-DoS-CVE-2023-22391?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70199 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10k-Series-ICCP-flap-will-be-observed-due-to-excessive-specific-traffic-CVE-2023-22403?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70180 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70198 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70196 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70197 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70202 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-memory-leak-which-will-ultimately-lead-to-an-rpd-crash-will-be-observed-when-a-peer-interface-flaps-continuously-in-a-Segment-Routing-scenario-CVE-2023-22406?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70190 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Memory-leak-due-to-receipt-of-specially-crafted-SIP-calls-CVE-2023-22394?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70191 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-In-an-MPLS-scenario-the-processing-of-specific-packets-to-the-device-causes-a-buffer-leak-and-ultimately-a-loss-of-connectivity-CVE-2023-22395?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70204 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Upon-processing-of-a-specific-SIP-packet-an-FPC-can-crash-CVE-2023-22408?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70200 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-When-IPsec-VPN-is-configured-iked-will-core-when-a-specifically-formatted-payload-is-received-CVE-2023-22404?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70212 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-if-SIP-ALG-is-enabled-and-a-malicious-SIP-packet-is-received-CVE-2023-22416?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70185 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70211 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flow-processing-daemon-flowd-will-crash-when-a-specific-H-323-packet-is-received-CVE-2023-22415?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70210 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70206 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-When-Suspicious-Control-Flow-Detection-scfd-is-enabled-and-an-attacker-is-sending-specific-traffic-this-causes-a-memory-leak-CVE-2023-22410?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70205 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-SPC3-When-an-inconsistent-NAT-configuration-exists-and-a-specific-CLI-command-is-issued-the-SPC-will-reboot-CVE-2023-22409?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70182 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70189 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70207 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-when-Unified-Policies-are-used-with-IPv6-and-certain-dynamic-applications-are-rejected-by-the-device-CVE-2023-22411?language=en_US"
}
]
}
CERTFR-2022-AVI-187
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dansĀ le serveur HTTP d'IBM WebSphere. Elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance et un dĆ©ni de service Ć distance.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | IBM HTTP Server versions 9.0.0.0 Ć 9.0.5.10 sans le correctif de sĆ©curitĆ© temporaire PH43122, la version 9.0.5.11 devrait ĆŖtre disponible au premier trimestre 2022 | ||
| IBM | WebSphere | IBM HTTP Server versions 8.5.0.0 Ć 8.5.5.21 sans le correctif de sĆ©curitĆ© temporaire PH43122, la version 8.5.5.22 devrait ĆŖtre disponible au troisiĆØme trimestre 2022 | ||
| IBM | WebSphere | IBM HTTP Server versions 8.0.0.0 Ć 8.0.0.15 sans le correctif de sĆ©curitĆ© temporaire PH43122 | ||
| IBM | WebSphere | IBM HTTP Server versions 7.0.0.0 Ć 7.0.0.45 sans le correctif de sĆ©curitĆ© temporaire PH43122 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM HTTP Server versions 9.0.0.0 \u00e0 9.0.5.10 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122, la version 9.0.5.11 devrait \u00eatre disponible au premier trimestre 2022",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 8.5.0.0 \u00e0 8.5.5.21 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122, la version 8.5.5.22 devrait \u00eatre disponible au troisi\u00e8me trimestre 2022",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 8.0.0.0 \u00e0 8.0.0.15 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM HTTP Server versions 7.0.0.0 \u00e0 7.0.0.45 sans le correctif de s\u00e9curit\u00e9 temporaire PH43122",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-187",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u00a0le serveur HTTP\nd\u0027IBM WebSphere. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le serveur HTTP d\u0027IBM WebSphere",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6559296 du 24 f\u00e9vrier 2022",
"url": "https://www.ibm.com/support/pages/node/6559296"
}
]
}
CERTFR-2022-AVI-134
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans Tenable Nessus. Elles permettent Ć un attaquant de provoquer un dĆ©ni de service Ć distance, une atteinte Ć l'intĆ©gritĆ© des donnĆ©es et une atteinte Ć la confidentialitĆ© des donnĆ©es.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus versions 10.x ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus versions 8.x ant\u00e9rieures \u00e0 8.15.3",
"product": {
"name": "Nessus",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-134",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-05 du 08 f\u00e9vrier 2022",
"url": "https://www.tenable.com/security/tns-2022-05"
}
]
}
CERTFR-2022-AVI-916
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Networking versions antĆ©rieures Ć R22.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions antĆ©rieures Ć 3.1.1 | ||
| Juniper Networks | Junos Space | Junos Space versions antĆ©rieures Ć 22.2R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antĆ©rieures Ć 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO | ||
| Juniper Networks | N/A | Contrail Networking versions antĆ©rieures Ć 2011.L5 | ||
| Juniper Networks | N/A | Steel Belted Radius Carrier Edition versions antĆ©rieures Ć 8.6.0R16 | ||
| Juniper Networks | Junos OS | Junos OS versions antĆ©rieures Ć 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antĆ©rieures Ć 5.4.7 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions 5.5.x antĆ©rieures Ć 5.5.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions 3.2.x antĆ©rieures Ć 3.2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions ant\u00e9rieures \u00e0 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Steel Belted Radius Carrier Edition versions ant\u00e9rieures \u00e0 8.6.0R16",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 5.4.7",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 5.5.x ant\u00e9rieures \u00e0 5.5.3",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22243"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25710"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2022-22238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22238"
},
{
"name": "CVE-2022-22249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22249"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22227"
},
{
"name": "CVE-2016-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2022-22208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22208"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22201"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2018-20532",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20532"
},
{
"name": "CVE-2022-22246",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22246"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2022-22250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22250"
},
{
"name": "CVE-2022-22192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22192"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2022-22239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22239"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22241"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2019-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2435"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-22226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22226"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2022-22229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22229"
},
{
"name": "CVE-2018-20534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20534"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22225"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2022-22245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22245"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2018-10689",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10689"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2022-22232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22232"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-22240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22240"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22234"
},
{
"name": "CVE-2022-22242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22242"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2022-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22251"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2022-22244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22244"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2022-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22233"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-45417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45417"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2018-20533",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20533"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2022-22224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22224"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22247"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2020-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2022-22199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22199"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-22236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22236"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2022-22248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22248"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-22220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22220"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22228"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2022-22223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22223"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-2684",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2684"
},
{
"name": "CVE-2021-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0543"
},
{
"name": "CVE-2021-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
},
{
"name": "CVE-2022-22231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22231"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22235"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-22211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22211"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2022-22230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22230"
},
{
"name": "CVE-2022-22237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22237"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-916",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69906",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-might-be-seen-due-to-mac-moves-within-the-same-bridge-domain-CVE-2022-22249"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69885",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69888",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69886",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-Unified-Threat-Management-UTM-Enhanced-Content-Filtering-CF-is-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22232"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69899",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69881",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-SBR-Carrier-Multiple-Vulnerabilities-resolved-in-version-8-6-0R16-64-bit-Solaris-and-Linux-editions"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69894",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-rpd-process-will-crash-when-a-malformed-incoming-RESV-message-is-processed-CVE-2022-22238"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69898",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-core-upon-receipt-of-a-specific-EVPN-route-by-a-BGP-route-reflector-in-an-EVPN-environment-CVE-2022-22199"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69895",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-The-ssh-CLI-command-always-runs-as-root-which-can-lead-to-privilege-escalation-CVE-2022-22239"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69908",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-cSRX-Series-Storing-Passwords-in-a-Recoverable-Format-and-software-permissions-issues-allows-a-local-attacker-to-elevate-privileges-CVE-2022-22251"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69874",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PPMD-goes-into-infinite-loop-upon-receipt-of-malformed-OSPF-TLV-CVE-2022-22224"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69902",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Due-to-a-race-condition-the-rpd-process-can-crash-upon-receipt-of-a-BGP-update-message-containing-flow-spec-route-CVE-2022-22220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69879",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-can-occur-due-to-memory-corruption-caused-by-flapping-BGP-sessions-CVE-2022-22208"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69890",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX2300-and-EX3400-Series-One-of-more-SFPs-might-become-unavailable-when-the-system-is-very-busy-CVE-2022-22234"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69875",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-multipath-scenario-when-one-of-the-contributing-routes-is-flapping-often-and-rapidly-rpd-may-crash-CVE-2022-22225"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69915",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-An-attacker-can-cause-a-kernel-panic-by-sending-a-malformed-TCP-packet-to-the-device-CVE-2022-22192"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69878",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Specific-IPv6-transit-traffic-gets-exceptioned-to-the-routing-engine-which-will-cause-increased-CPU-utilization-CVE-2022-22227"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69907",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-FPC-might-crash-and-reload-if-the-EVPN-MAC-entry-is-move-from-local-to-remote-CVE-2022-22250"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69891",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-will-be-observed-when-malformed-GPRS-traffic-is-processed-CVE-2022-22235"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69882",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69876",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX4300-MP-EX4600-QFX5000-Series-In-VxLAN-scenarios-specific-packets-processed-cause-a-memory-leak-leading-to-a-PFE-crash-CVE-2022-22226"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69892",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-When-specific-valid-SIP-packets-are-received-the-PFE-will-crash-CVE-2022-22236"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69889",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69887",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-SR-to-LDP-interworking-scenario-with-SRMS-when-a-specific-low-privileged-command-is-issued-on-an-ABR-rpd-will-crash-CVE-2022-22233"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69900",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX5000-Series-with-SPC3-SRX4000-Series-and-vSRX-When-PowerMode-IPsec-is-configured-the-PFE-will-crash-upon-receipt-of-a-malformed-ESP-packet-CVE-2022-22201"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69884",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-specific-OSPFv3-LSAs-CVE-2022-22230"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69901",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Upon-processing-of-a-genuine-packet-the-pkid-process-will-crash-during-CMPv2-auto-re-enrollment-CVE-2022-22218"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69905",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Incorrect-file-permissions-can-allow-low-privileged-user-to-cause-another-user-to-execute-arbitrary-commands-CVE-2022-22248"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69893",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Peers-not-configured-for-TCP-AO-can-establish-a-BGP-or-LDP-session-even-if-authentication-is-configured-locally-CVE-2022-22237"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69904",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Kernel-processing-of-unvalidated-TCP-segments-could-lead-to-a-Denial-of-Service-DoS-CVE-2022-22247"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69880",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-On-IPv6-OAM-SRv6-network-enabled-devices-an-attacker-sending-a-specific-genuine-packet-to-an-IPv6-address-configured-on-the-device-may-cause-a-RPD-memory-leak-leading-to-an-RPD-core-CVE-2022-22228"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69873",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-QFX10000-Series-In-IP-MPLS-PHP-node-scenarios-upon-receipt-of-certain-crafted-packets-multiple-interfaces-in-LAG-configurations-may-detach-CVE-2022-22223"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69896",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-memory-leak-might-be-observed-while-running-a-specific-cli-command-in-a-RIB-sharding-scenario-CVE-2022-22240"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69897",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L5"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69916",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-Multiple-FPCs-become-unreachable-due-to-continuous-polling-of-specific-SNMP-OID-CVE-2022-22211"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69883",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Paragon-Active-Assurance-Formerly-Netrounds-Stored-Cross-site-Scripting-XSS-vulnerability-in-web-administration-CVE-2022-22229"
}
]
}
CERTFR-2023-AVI-1015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Siemens. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et une Ć©lĆ©vation de privilĆØges.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SINAMICS S210 (6SL5...) versions supĆ©rieures ou Ć©gales Ć V6.1 versions antĆ©rieures Ć V6.1 HF2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0) toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 230RCEo (6ED1052-2FB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | LOGO! 230RCE (6ED1052-1FB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | LOGO! 12/24RCE (6ED1052-1MD08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | Opcenter Quality toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0) toutes versions | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 24CE (6ED1052-1CC08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | LOGO! 24CEo (6ED1052-2CC08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SINEC INS versions antĆ©rieures Ć V1.0 SP2 Update 2 | ||
| Siemens | N/A | SIMATIC PC-Station Plus toutes versions | ||
| Siemens | N/A | SINAMICS S210 (6SL5...) versions supĆ©rieures Ć V6.1 et antĆ©rieure Ć V6.1 HF2 | ||
| Siemens | N/A | SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC PCS neo versions antĆ©rieures Ć V4.1 | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions | ||
| Siemens | N/A | SINUMERIK ONE toutes versions | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions | ||
| Siemens | N/A | SINUMERIK MC toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions antĆ©rieures Ć V2.60 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SINAMICS S120 (incl. SIPLUS variants) versions antĆ©rieures Ć V5.2 SP3 HF15 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | Totally Integrated Automation Portal (TIA Portal) versions V14 Ć V18 antĆ©rieures Ć V18 Update 3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions antĆ©rieures Ć V2.60 | ||
| Siemens | N/A | SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | LOGO! 24RCE (6ED1052-1HB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) versions antĆ©rieures Ć V19 | ||
| Siemens | N/A | LOGO! 24RCEo (6ED1052-2HB08-0BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SINUMERIK Integrate RunMyHMI /Automotive toutes versions | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antĆ©rieures Ć V6.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SCALANCE S615 EEC (6GK5615-0AA01-2AA2) toutes versions | ||
| Siemens | N/A | SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) toutes versions supĆ©rieures ou Ć©gales Ć V8.3 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC CP 1243-1 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions antĆ©rieures Ć V7.2.2 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0) versions antĆ©rieures Ć V3.1.0 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions antĆ©rieures Ć V8.0 | ||
| Siemens | N/A | SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511T-1 PN (6ES7511-1TL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S210 (6SL5...) versions sup\u00e9rieures ou \u00e9gales \u00e0V6.1 versions ant\u00e9rieures \u00e0 V6.1 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515-2 PN (6ES7515-2AN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515TF-2 PN (6ES7515-2UN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511-1 PN (6ES7511-1AL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP01-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515T-2 PN (6ES7515-2TN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 230RCEo (6ED1052-2FB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 230RCE (6ED1052-1FB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SP F-2 PN (6ES7514-2SN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518-4 PN/DP (6AG1518-4AP00-4AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller CPU 1507D TF (6ES7615-7DF10-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511C-1 PN (6ES7511-1CL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 12/24RCE (6ED1052-1MD08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Opcenter Quality toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP (6ES7516-3UN00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP (6AG1518-4AX00-4AC0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP F-1 PN (6ES7510-1SK03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511F-1 PN (6ES7511-1FL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518-4 PN/DP (6ES7518-4AP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1511TF-1 PN (6ES7511-1UL03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24CE (6ED1052-1CC08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517F-3 PN/DP (6ES7517-3FP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513F-1 PN (6ES7513-1FM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SPT F-2 PN (6ES7514-2WN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1510SP-1 PN (6ES7510-1DK03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517T-3 PN/DP (6ES7517-3TP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518T-4 PN/DP (6ES7518-4TP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP-1 PN (6ES7512-1DM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516-3 PN/DP (6ES7516-3AP03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24CEo (6ED1052-2CC08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP (6ES7518-4FX00-1AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS versions ant\u00e9rieures \u00e0 V1.0 SP2 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PC-Station Plus toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S210 (6SL5...) versions sup\u00e9rieures \u00e0 V6.1 et ant\u00e9rieure \u00e0 V6.1 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (6GK5876-4AA10-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK ONE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK MC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SPT-2 PN (6ES7514-2VN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions ant\u00e9rieures \u00e0 V2.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V5.2 SP3 HF15",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1513-1 PN (6ES7513-1AM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Totally Integrated Automation Portal (TIA Portal) versions V14 \u00e0 V18 ant\u00e9rieures \u00e0 V18 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517-3 PN/DP (6ES7517-3AP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1514SP-2 PN (6ES7514-2DN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516T-3 PN/DP (6ES7516-3TN00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518F-4 PN/DP (6ES7518-4FP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1515F-2 PN (6ES7515-2FN03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions ant\u00e9rieures \u00e0 V2.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP (6ES7518-4UP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller CPU 1504D TF (6ES7615-4DF10-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24RCE (6ED1052-1HB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) versions ant\u00e9rieures \u00e0 V19",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! 24RCEo (6ED1052-2HB08-0BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Integrate RunMyHMI /Automotive toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1516F-3 PN/DP (6ES7516-3FP03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP (6ES7518-4AX00-1AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1500 CPU 1518F-4 PN/DP (6AG1518-4FP00-4AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 EEC (6GK5615-0AA01-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) toutes versions sup\u00e9rieures ou \u00e9gales \u00e0 V8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512SP F-1 PN (6ES7512-1SM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 EEC (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) versions ant\u00e9rieures \u00e0 V7.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP (6ES7517-3UP00-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU 1512C-1 PN (6ES7512-1CM03-0AB0) versions ant\u00e9rieures \u00e0 V3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) versions ant\u00e9rieures \u00e0 V8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-0663",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0663"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2019-6111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2019-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5443"
},
{
"name": "CVE-2019-6109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-3859",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3859"
},
{
"name": "CVE-2019-3861",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3861"
},
{
"name": "CVE-2019-3860",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3860"
},
{
"name": "CVE-2019-3858",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3858"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-13565",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
},
{
"name": "CVE-2019-13057",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13057"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-16168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
},
{
"name": "CVE-2019-19926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
},
{
"name": "CVE-2019-19925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
},
{
"name": "CVE-2019-19880",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
},
{
"name": "CVE-2019-19923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
},
{
"name": "CVE-2019-5018",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5018"
},
{
"name": "CVE-2019-9936",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
},
{
"name": "CVE-2019-5482",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
},
{
"name": "CVE-2019-19646",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
},
{
"name": "CVE-2020-7595",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
},
{
"name": "CVE-2020-8169",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2019-19906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19906"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2019-19956",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2020-8286",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
},
{
"name": "CVE-2020-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
},
{
"name": "CVE-2020-36224",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
},
{
"name": "CVE-2020-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
},
{
"name": "CVE-2020-36227",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
},
{
"name": "CVE-2020-36225",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
},
{
"name": "CVE-2020-36228",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
},
{
"name": "CVE-2020-36223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
},
{
"name": "CVE-2020-36229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
},
{
"name": "CVE-2020-36226",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
},
{
"name": "CVE-2020-36230",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2021-28363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28363"
},
{
"name": "CVE-2020-8284",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2021-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
},
{
"name": "CVE-2021-22901",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
},
{
"name": "CVE-2019-17543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17543"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2019-19645",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2020-10543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
},
{
"name": "CVE-2020-12723",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12723"
},
{
"name": "CVE-2021-20305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
},
{
"name": "CVE-2019-20388",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-8177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2021-27218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2020-24977",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2020-29362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29362"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2020-29363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29363"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2020-13776",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2020-25692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
},
{
"name": "CVE-2016-10228",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
},
{
"name": "CVE-2020-29361",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29361"
},
{
"name": "CVE-2021-3541",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2020-8231",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2021-3537",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
},
{
"name": "CVE-2020-8315",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8315"
},
{
"name": "CVE-2020-27618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
},
{
"name": "CVE-2021-22926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-36222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36222"
},
{
"name": "CVE-2021-22947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
},
{
"name": "CVE-2021-22945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-40303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2022-42898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42898"
},
{
"name": "CVE-2019-6110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2019-16905",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2019-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5436"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2019-19603",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
},
{
"name": "CVE-2021-22890",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
},
{
"name": "CVE-2021-22876",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
},
{
"name": "CVE-2019-19317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
},
{
"name": "CVE-2019-19924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2021-22897",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2021-22923",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
},
{
"name": "CVE-2019-19242",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
},
{
"name": "CVE-2021-22898",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
},
{
"name": "CVE-2021-22922",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
},
{
"name": "CVE-2019-19244",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12762",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12762"
},
{
"name": "CVE-2019-17594",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17594"
},
{
"name": "CVE-2019-17595",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17595"
},
{
"name": "CVE-2021-20231",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20231"
},
{
"name": "CVE-2021-36085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36085"
},
{
"name": "CVE-2021-36084",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36084"
},
{
"name": "CVE-2021-20232",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20232"
},
{
"name": "CVE-2021-36086",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36086"
},
{
"name": "CVE-2021-3580",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3580"
},
{
"name": "CVE-2021-36087",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36087"
},
{
"name": "CVE-2021-33560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33560"
},
{
"name": "CVE-2021-28153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28153"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2022-29155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29155"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2021-4122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4122"
},
{
"name": "CVE-2022-27774",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
},
{
"name": "CVE-2022-27775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
},
{
"name": "CVE-2022-22576",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
},
{
"name": "CVE-2022-27776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-2274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2020-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25710"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2022-27778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27778"
},
{
"name": "CVE-2021-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
},
{
"name": "CVE-2022-23218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2022-26488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26488"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2022-27781",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2019-18348",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18348"
},
{
"name": "CVE-2020-15523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15523"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2022-37454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2022-35260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35260"
},
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2022-42915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-25136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25136"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2022-45873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45873"
},
{
"name": "CVE-2022-3821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3821"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2018-12886",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12886"
},
{
"name": "CVE-2022-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1304"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2023-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
},
{
"name": "CVE-2023-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-27535",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
},
{
"name": "CVE-2022-27779",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27779"
},
{
"name": "CVE-2023-27533",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
},
{
"name": "CVE-2023-27538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
},
{
"name": "CVE-2023-27534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
},
{
"name": "CVE-2023-27536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
},
{
"name": "CVE-2022-27780",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
},
{
"name": "CVE-2022-30115",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30115"
},
{
"name": "CVE-2023-27537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
},
{
"name": "CVE-2020-1752",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
},
{
"name": "CVE-2021-35942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
},
{
"name": "CVE-2021-38604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
},
{
"name": "CVE-2023-31238",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31238"
},
{
"name": "CVE-2020-29562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
},
{
"name": "CVE-2021-27645",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
},
{
"name": "CVE-2023-30901",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30901"
},
{
"name": "CVE-2021-3998",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3998"
},
{
"name": "CVE-2019-20218",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20218"
},
{
"name": "CVE-2020-35527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35527"
},
{
"name": "CVE-2016-3189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
},
{
"name": "CVE-2019-19959",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19959"
},
{
"name": "CVE-2020-35525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35525"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2021-31239",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31239"
},
{
"name": "CVE-2016-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3709"
},
{
"name": "CVE-2021-28861",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28861"
},
{
"name": "CVE-2023-3212",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
},
{
"name": "CVE-2023-0361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2023-3609",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3609"
},
{
"name": "CVE-2023-34319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34319"
},
{
"name": "CVE-2023-1206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
},
{
"name": "CVE-2023-40283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
},
{
"name": "CVE-2023-28831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28831"
},
{
"name": "CVE-2023-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3772"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-4623",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4623"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-4921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4921"
},
{
"name": "CVE-2023-39192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39192"
},
{
"name": "CVE-2023-39193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39193"
},
{
"name": "CVE-2023-42754",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42754"
},
{
"name": "CVE-2023-39194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39194"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2023-42755",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42755"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-31085",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31085"
},
{
"name": "CVE-2023-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39189"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-44321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
},
{
"name": "CVE-2023-44374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44374"
},
{
"name": "CVE-2023-44320",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
},
{
"name": "CVE-2023-44319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
},
{
"name": "CVE-2023-44317",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
},
{
"name": "CVE-2023-44318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44318"
},
{
"name": "CVE-2023-44373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
},
{
"name": "CVE-2023-44322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44322"
},
{
"name": "CVE-2020-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-22218"
},
{
"name": "CVE-2023-4527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4527"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2022-48303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
},
{
"name": "CVE-2021-3426",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3426"
},
{
"name": "CVE-2023-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5717"
},
{
"name": "CVE-2023-45871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45871"
},
{
"name": "CVE-2020-19186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19186"
},
{
"name": "CVE-2020-19190",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19190"
},
{
"name": "CVE-2020-19185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19185"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2020-19187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19187"
},
{
"name": "CVE-2020-19188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19188"
},
{
"name": "CVE-2020-19909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19909"
},
{
"name": "CVE-2019-11360",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11360"
},
{
"name": "CVE-2019-13627",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13627"
},
{
"name": "CVE-2019-7309",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7309"
},
{
"name": "CVE-2022-0563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
},
{
"name": "CVE-2019-1010024",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010024"
},
{
"name": "CVE-2022-47375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47375"
},
{
"name": "CVE-2019-19126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19126"
},
{
"name": "CVE-2023-46283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46283"
},
{
"name": "CVE-2023-46282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46282"
},
{
"name": "CVE-2023-32643",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32643"
},
{
"name": "CVE-2014-7209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7209"
},
{
"name": "CVE-2023-48431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48431"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2017-17512",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17512"
},
{
"name": "CVE-2020-1712",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1712"
},
{
"name": "CVE-2023-48430",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48430"
},
{
"name": "CVE-2019-6488",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6488"
},
{
"name": "CVE-2023-39128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39128"
},
{
"name": "CVE-2018-20482",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20482"
},
{
"name": "CVE-2021-27212",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27212"
},
{
"name": "CVE-2019-5481",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5481"
},
{
"name": "CVE-2021-43396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43396"
},
{
"name": "CVE-2022-2509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2509"
},
{
"name": "CVE-2022-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3715"
},
{
"name": "CVE-2023-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0687"
},
{
"name": "CVE-2019-20795",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20795"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2022-48522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48522"
},
{
"name": "CVE-2020-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21913"
},
{
"name": "CVE-2019-12904",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12904"
},
{
"name": "CVE-2021-28041",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28041"
},
{
"name": "CVE-2022-42784",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42784"
},
{
"name": "CVE-2023-48427",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48427"
},
{
"name": "CVE-2020-24659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24659"
},
{
"name": "CVE-2023-48429",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48429"
},
{
"name": "CVE-2020-12062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12062"
},
{
"name": "CVE-2019-1010023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010023"
},
{
"name": "CVE-2023-49692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
},
{
"name": "CVE-2016-10739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10739"
},
{
"name": "CVE-2019-1010180",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010180"
},
{
"name": "CVE-2023-46285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46285"
},
{
"name": "CVE-2023-46156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46156"
},
{
"name": "CVE-2019-5435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5435"
},
{
"name": "CVE-2019-15847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15847"
},
{
"name": "CVE-2023-29491",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29491"
},
{
"name": "CVE-2019-20367",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20367"
},
{
"name": "CVE-2023-46284",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46284"
},
{
"name": "CVE-2023-35945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
},
{
"name": "CVE-2023-32665",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32665"
},
{
"name": "CVE-2023-39615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
},
{
"name": "CVE-2021-37600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37600"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2021-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3997"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2023-26604",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26604"
},
{
"name": "CVE-2019-1010022",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010022"
},
{
"name": "CVE-2020-6096",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6096"
},
{
"name": "CVE-2021-33294",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33294"
},
{
"name": "CVE-2021-43618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43618"
},
{
"name": "CVE-2023-48428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48428"
},
{
"name": "CVE-2023-45322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45322"
},
{
"name": "CVE-2019-17498",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17498"
},
{
"name": "CVE-2023-49691",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
},
{
"name": "CVE-2023-25139",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25139"
},
{
"name": "CVE-2023-29499",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29499"
},
{
"name": "CVE-2020-1751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1751"
},
{
"name": "CVE-2019-1010025",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010025"
},
{
"name": "CVE-2019-12290",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12290"
},
{
"name": "CVE-2019-18224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18224"
},
{
"name": "CVE-2018-18928",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18928"
},
{
"name": "CVE-2022-27943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27943"
},
{
"name": "CVE-2022-28321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28321"
},
{
"name": "CVE-2021-32292",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32292"
},
{
"name": "CVE-2020-21047",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21047"
},
{
"name": "CVE-2021-46195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46195"
},
{
"name": "CVE-2023-38380",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38380"
},
{
"name": "CVE-2023-28531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28531"
},
{
"name": "CVE-2020-11501",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11501"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2022-47374",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47374"
},
{
"name": "CVE-2023-46281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46281"
},
{
"name": "CVE-2013-4235",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4235"
},
{
"name": "CVE-2020-15801",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15801"
},
{
"name": "CVE-2022-46141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46141"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2020-13529",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13529"
},
{
"name": "CVE-2023-27371",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27371"
},
{
"name": "CVE-2023-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32611"
},
{
"name": "CVE-2021-20193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20193"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2019-9923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9923"
},
{
"name": "CVE-2020-13777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13777"
},
{
"name": "CVE-2023-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5981"
},
{
"name": "CVE-2020-14422",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14422"
},
{
"name": "CVE-2023-32636",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32636"
},
{
"name": "CVE-2021-4209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4209"
},
{
"name": "CVE-2018-19591",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19591"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-844582 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180704.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-180704 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-480095.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-077170 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-480095 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-118850 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-118850.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-068047 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-077170.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-892915 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-280603.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-999588 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-280603 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693975.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-693975 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-892915.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-887801 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-887801.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-592380 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-844582.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-398330 du 12 d\u00e9cembre 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-592380.html"
}
]
}
CERTFR-2022-AVI-916
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Juniper. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Networking versions antĆ©rieures Ć R22.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions antĆ©rieures Ć 3.1.1 | ||
| Juniper Networks | Junos Space | Junos Space versions antĆ©rieures Ć 22.2R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antĆ©rieures Ć 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO | ||
| Juniper Networks | N/A | Contrail Networking versions antĆ©rieures Ć 2011.L5 | ||
| Juniper Networks | N/A | Steel Belted Radius Carrier Edition versions antĆ©rieures Ć 8.6.0R16 | ||
| Juniper Networks | Junos OS | Junos OS versions antĆ©rieures Ć 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antĆ©rieures Ć 5.4.7 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions 5.5.x antĆ©rieures Ć 5.5.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions 3.2.x antĆ©rieures Ć 3.2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions ant\u00e9rieures \u00e0 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Steel Belted Radius Carrier Edition versions ant\u00e9rieures \u00e0 8.6.0R16",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 5.4.7",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 5.5.x ant\u00e9rieures \u00e0 5.5.3",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22243"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25710"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2022-22238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22238"
},
{
"name": "CVE-2022-22249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22249"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22227"
},
{
"name": "CVE-2016-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2022-22208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22208"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22201"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2018-20532",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20532"
},
{
"name": "CVE-2022-22246",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22246"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2022-22250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22250"
},
{
"name": "CVE-2022-22192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22192"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2022-22239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22239"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22241"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2019-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2435"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-22226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22226"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2022-22229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22229"
},
{
"name": "CVE-2018-20534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20534"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22225"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2022-22245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22245"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2018-10689",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10689"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2022-22232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22232"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-22240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22240"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22234"
},
{
"name": "CVE-2022-22242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22242"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2022-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22251"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2022-22244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22244"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2022-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22233"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-45417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45417"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2018-20533",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20533"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2022-22224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22224"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22247"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2020-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2022-22199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22199"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-22236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22236"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2022-22248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22248"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-22220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22220"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22228"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2022-22223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22223"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-2684",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2684"
},
{
"name": "CVE-2021-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0543"
},
{
"name": "CVE-2021-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
},
{
"name": "CVE-2022-22231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22231"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22235"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-22211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22211"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2022-22230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22230"
},
{
"name": "CVE-2022-22237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22237"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-916",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69906",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-might-be-seen-due-to-mac-moves-within-the-same-bridge-domain-CVE-2022-22249"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69885",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69888",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69886",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-Unified-Threat-Management-UTM-Enhanced-Content-Filtering-CF-is-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22232"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69899",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69881",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-SBR-Carrier-Multiple-Vulnerabilities-resolved-in-version-8-6-0R16-64-bit-Solaris-and-Linux-editions"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69894",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-rpd-process-will-crash-when-a-malformed-incoming-RESV-message-is-processed-CVE-2022-22238"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69898",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-core-upon-receipt-of-a-specific-EVPN-route-by-a-BGP-route-reflector-in-an-EVPN-environment-CVE-2022-22199"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69895",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-The-ssh-CLI-command-always-runs-as-root-which-can-lead-to-privilege-escalation-CVE-2022-22239"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69908",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-cSRX-Series-Storing-Passwords-in-a-Recoverable-Format-and-software-permissions-issues-allows-a-local-attacker-to-elevate-privileges-CVE-2022-22251"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69874",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PPMD-goes-into-infinite-loop-upon-receipt-of-malformed-OSPF-TLV-CVE-2022-22224"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69902",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Due-to-a-race-condition-the-rpd-process-can-crash-upon-receipt-of-a-BGP-update-message-containing-flow-spec-route-CVE-2022-22220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69879",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-can-occur-due-to-memory-corruption-caused-by-flapping-BGP-sessions-CVE-2022-22208"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69890",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX2300-and-EX3400-Series-One-of-more-SFPs-might-become-unavailable-when-the-system-is-very-busy-CVE-2022-22234"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69875",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-multipath-scenario-when-one-of-the-contributing-routes-is-flapping-often-and-rapidly-rpd-may-crash-CVE-2022-22225"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69915",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-An-attacker-can-cause-a-kernel-panic-by-sending-a-malformed-TCP-packet-to-the-device-CVE-2022-22192"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69878",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Specific-IPv6-transit-traffic-gets-exceptioned-to-the-routing-engine-which-will-cause-increased-CPU-utilization-CVE-2022-22227"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69907",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-FPC-might-crash-and-reload-if-the-EVPN-MAC-entry-is-move-from-local-to-remote-CVE-2022-22250"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69891",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-will-be-observed-when-malformed-GPRS-traffic-is-processed-CVE-2022-22235"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69882",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69876",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX4300-MP-EX4600-QFX5000-Series-In-VxLAN-scenarios-specific-packets-processed-cause-a-memory-leak-leading-to-a-PFE-crash-CVE-2022-22226"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69892",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-When-specific-valid-SIP-packets-are-received-the-PFE-will-crash-CVE-2022-22236"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69889",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69887",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-SR-to-LDP-interworking-scenario-with-SRMS-when-a-specific-low-privileged-command-is-issued-on-an-ABR-rpd-will-crash-CVE-2022-22233"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69900",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX5000-Series-with-SPC3-SRX4000-Series-and-vSRX-When-PowerMode-IPsec-is-configured-the-PFE-will-crash-upon-receipt-of-a-malformed-ESP-packet-CVE-2022-22201"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69884",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-specific-OSPFv3-LSAs-CVE-2022-22230"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69901",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Upon-processing-of-a-genuine-packet-the-pkid-process-will-crash-during-CMPv2-auto-re-enrollment-CVE-2022-22218"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69905",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Incorrect-file-permissions-can-allow-low-privileged-user-to-cause-another-user-to-execute-arbitrary-commands-CVE-2022-22248"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69893",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Peers-not-configured-for-TCP-AO-can-establish-a-BGP-or-LDP-session-even-if-authentication-is-configured-locally-CVE-2022-22237"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69904",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Kernel-processing-of-unvalidated-TCP-segments-could-lead-to-a-Denial-of-Service-DoS-CVE-2022-22247"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69880",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-On-IPv6-OAM-SRv6-network-enabled-devices-an-attacker-sending-a-specific-genuine-packet-to-an-IPv6-address-configured-on-the-device-may-cause-a-RPD-memory-leak-leading-to-an-RPD-core-CVE-2022-22228"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69873",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-QFX10000-Series-In-IP-MPLS-PHP-node-scenarios-upon-receipt-of-certain-crafted-packets-multiple-interfaces-in-LAG-configurations-may-detach-CVE-2022-22223"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69896",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-memory-leak-might-be-observed-while-running-a-specific-cli-command-in-a-RIB-sharding-scenario-CVE-2022-22240"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69897",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L5"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69916",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-Multiple-FPCs-become-unreachable-due-to-continuous-polling-of-specific-SNMP-OID-CVE-2022-22211"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69883",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Paragon-Active-Assurance-Formerly-Netrounds-Stored-Cross-site-Scripting-XSS-vulnerability-in-web-administration-CVE-2022-22229"
}
]
}
CERTFR-2022-AVI-547
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits Siemens. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, un dĆ©ni de service Ć distance et un contournement de la politique de sĆ©curitĆ©.
Solution
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Teamcenter Active Workspace V5.2 versions antĆ©rieures Ć V5.2.9 | ||
| Siemens | N/A | SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions | ||
| Siemens | N/A | EN100 Ethernet module PROFINET IO variant toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | Teamcenter V12.4 versions antĆ©rieures Ć V12.4.0.13 | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antĆ©rieures Ć V3.0 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 H (6GF3550-0GE10) toutes versions | ||
| Siemens | N/A | SIMATIC MV560 U (6GF3560-0LE10) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions antĆ©rieures Ć V1.1 | ||
| Siemens | N/A | SIMATIC CP 1626 (6GK1162-6AA01) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TIA Portal V16 toutes versions | ||
| Siemens | N/A | RUGGEDCOM CROSSBOW Station Access Controller toutes versions | ||
| Siemens | N/A | Industrial Edge - OPC UA Connector toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions | ||
| Siemens | N/A | Xpedition Designer versions antĆ©rieures Ć X.2.11 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller (incl. F) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential ARM (6MD7881-2AA30) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | Teamcenter V13.2 toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF650R (6GT2811-6AB20) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SIMATIC PDM toutes versions | ||
| Siemens | N/A | RUGGEDCOM NMS toutes versions | ||
| Siemens | N/A | TIA Administrator toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | EN100 Ethernet module IEC 104 variant toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 9 compatible) versions antĆ©rieures Ć 3.2.3 | ||
| Siemens | N/A | SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC NET PC Software V17 toutes versions | ||
| Siemens | N/A | Spectrum Power MGMS toutes versions using Shared HIS | ||
| Siemens | N/A | SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SIMATIC RF188C (6GT2002-0JE40) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions | ||
| Siemens | N/A | SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC RF680R (6GT2811-6AA10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SINUMERIK Edge versions antĆ©rieures Ć V3.3.0 | ||
| Siemens | N/A | SIMATIC PCS 7 TeleControl toutes versions | ||
| Siemens | N/A | SIMATIC CP 1628 (6GK1162-8AA00) toutes versions | ||
| Siemens | N/A | Teamcenter V13.3 versions antĆ©rieures Ć V13.3.0.3 | ||
| Siemens | N/A | SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions | ||
| Siemens | N/A | Spectrum Power 4 toutes versions using Shared HIS | ||
| Siemens | N/A | SINEC NMS toutes versions | ||
| Siemens | N/A | SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF360R (6GT2801-5BA30) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | Industrial Edge - SIMATIC S7 Connector App versions antĆ©rieures Ć V1.7.0 | ||
| Siemens | N/A | SIMATIC RF185C (6GT2002-0JE10) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF188CI (6GT2002-0JE60) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | EN100 Ethernet module DNP3 IP variant toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | Mendix SAML Module (Mendix 8 compatible) versions antĆ©rieures Ć 2.2.2 | ||
| Siemens | N/A | SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions | ||
| Siemens | N/A | SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions antĆ©rieures Ć V2.0 | ||
| Siemens | N/A | SIMATIC STEP 7 V5.X toutes versions | ||
| Siemens | N/A | SIMATIC RF166C (6GT2002-0EE20) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | EN100 Ethernet module Modbus TCP variant toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V14 toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC Logon toutes versions | ||
| Siemens | N/A | SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SICAM GridEdge Essential Intel (6MD7881-2AA40) versions antĆ©rieures Ć V2.6.6 | ||
| Siemens | N/A | SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | EN100 Ethernet module IEC 61850 variant versions antĆ©rieures Ć V4.37 | ||
| Siemens | N/A | SINEMA Server V14 toutes versions | ||
| Siemens | N/A | SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions | ||
| Siemens | N/A | SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions | ||
| Siemens | N/A | SIMATIC PCS neo toutes versions | ||
| Siemens | N/A | Teamcenter V13.1 versions antĆ©rieures Ć V13.1.0.9 | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions | ||
| Siemens | N/A | RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) toutes versions | ||
| Siemens | N/A | TALON TC Modular (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antĆ©rieures Ć 3.0 SP2 | ||
| Siemens | N/A | RUGGEDCOM ROS Series toutes versions | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV550 S (6GF3550-0CD10) toutes versions | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions | ||
| Siemens | N/A | SIMATIC NET PC Software V16 toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | SINAUT Software ST7sc toutes versions | ||
| Siemens | N/A | Teamcenter V14.0 toutes versions | ||
| Siemens | N/A | SINAUT ST7CC toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC MV560 X (6GF3560-0HE10) toutes versions | ||
| Siemens | N/A | SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TIA Portal V15 toutes versions | ||
| Siemens | N/A | TIA Portal V17 toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antĆ©rieures Ć V3.1 | ||
| Siemens | N/A | SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC RF186C (6GT2002-0JE20) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TIA Portal Cloud toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX Series toutes versions | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions | ||
| Siemens | N/A | TALON TC Compact (BACnet) versions antĆ©rieures Ć V3.5 | ||
| Siemens | N/A | SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions | ||
| Siemens | N/A | SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions | ||
| Siemens | N/A | Spectrum Power 7 toutes versions using Shared HIS | ||
| Siemens | N/A | SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC MV540 H (6GF3540-0GE10) toutes versions | ||
| Siemens | N/A | SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SINEC INS toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions | ||
| Siemens | N/A | SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions | ||
| Siemens | N/A | SIMATIC RF610R (6GT2811-6BC10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions | ||
| Siemens | N/A | SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | Teamcenter V13.0 versions antĆ©rieures Ć V13.0.0.9 | ||
| Siemens | N/A | SIMATIC RF186CI (6GT2002-0JE50) versions antĆ©rieures Ć V2.0.1 | ||
| Siemens | N/A | Teamcenter Active Workspace V6.0 versions antĆ©rieures Ć V6.0.3 | ||
| Siemens | N/A | SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions antĆ©rieures Ć V2.3.1 | ||
| Siemens | N/A | SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF685R (6GT2811-6CA10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions | ||
| Siemens | N/A | SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC MV540 S (6GF3540-0CD10) toutes versions | ||
| Siemens | N/A | SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC RF615R (6GT2811-6CC10) versions antĆ©rieures Ć V4.0.1 | ||
| Siemens | N/A | Industrial Edge - PROFINET IO Connector toutes versions | ||
| Siemens | N/A | SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions | ||
| Siemens | N/A | Mendix SAML Module (Mendix 7 compatible) versions antĆ©rieures Ć 1.16.6 | ||
| Siemens | N/A | SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | TeleControl Server Basic V3 toutes versions | ||
| Siemens | N/A | SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions | ||
| Siemens | N/A | SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions antĆ©rieures Ć V6.5 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced toutes versions | ||
| Siemens | N/A | TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module PROFINET IO variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions ant\u00e9rieures \u00e0 V1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1626 (6GK1162-6AA01) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM CROSSBOW Station Access Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - OPC UA Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Xpedition Designer versions ant\u00e9rieures \u00e0 X.2.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller (incl. F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential ARM (6MD7881-2AA30) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF650R (6GT2811-6AB20) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PDM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Administrator toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 104 variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 3.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power MGMS toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF680R (6GT2811-6AA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 TeleControl toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 (6GK1162-8AA00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 4 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - SIMATIC S7 Connector App versions ant\u00e9rieures \u00e0 V1.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module DNP3 IP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 2.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5.X toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module Modbus TCP variant toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Logon toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridEdge Essential Intel (6MD7881-2AA40) versions ant\u00e9rieures \u00e0 V2.6.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "EN100 Ethernet module IEC 61850 variant versions ant\u00e9rieures \u00e0 V4.37",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server V14 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROS Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V16 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT Software ST7sc toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V14.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAUT ST7CC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V17 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal Cloud toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 7 toutes versions using Shared HIS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF610R (6GT2811-6BC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V6.0 versions ant\u00e9rieures \u00e0 V6.0.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF685R (6GT2811-6CA10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF615R (6GT2811-6CC10) versions ant\u00e9rieures \u00e0 V4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Industrial Edge - PROFINET IO Connector toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML Module (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 1.16.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32285"
},
{
"name": "CVE-2022-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32286"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2021-20317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
},
{
"name": "CVE-2022-32258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32258"
},
{
"name": "CVE-2021-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
},
{
"name": "CVE-2021-22925",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
},
{
"name": "CVE-2022-30231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30231"
},
{
"name": "CVE-2021-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
},
{
"name": "CVE-2022-32254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32254"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-32145",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32145"
},
{
"name": "CVE-2022-32259",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32259"
},
{
"name": "CVE-2022-32262",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32262"
},
{
"name": "CVE-2017-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
},
{
"name": "CVE-2022-32255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32255"
},
{
"name": "CVE-2020-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-32252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32252"
},
{
"name": "CVE-2021-22924",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
},
{
"name": "CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-37182",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37182"
},
{
"name": "CVE-2020-9272",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9272"
},
{
"name": "CVE-2021-39293",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
},
{
"name": "CVE-2021-33910",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2022-26476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26476"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2022-30228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30228"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
},
{
"name": "CVE-2022-32251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32251"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2021-36221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
},
{
"name": "CVE-2021-41089",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
},
{
"name": "CVE-2022-30230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30230"
},
{
"name": "CVE-2020-9273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9273"
},
{
"name": "CVE-2022-30229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30229"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-29034",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29034"
},
{
"name": "CVE-2022-30937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30937"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27219"
},
{
"name": "CVE-2022-27221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27221"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-31619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31619"
},
{
"name": "CVE-2022-32261",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32261"
},
{
"name": "CVE-2022-32260",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32260"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2022-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27220"
},
{
"name": "CVE-2022-31465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31465"
},
{
"name": "CVE-2017-9946",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
},
{
"name": "CVE-2021-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
},
{
"name": "CVE-2022-32253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32253"
},
{
"name": "CVE-2022-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32256"
},
{
"name": "CVE-2021-37209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-547",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148078 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-148078.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-220589 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-220589.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-988345 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-988345.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-484086 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330556 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-330556.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145224 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145224.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-685781 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-685781.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-693555 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-693555.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-911567 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-911567.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-401167 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-401167.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712929 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-679335 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-679335.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388239 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-388239.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-631336 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-631336.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740594 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-740594.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-222547 du 14 juin 2022",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-222547.html"
}
]
}
CERTFR-2024-AVI-1103
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnĆ©rabilitĆ©s ont Ć©tĆ© dĆ©couvertes dans les produits IBM. Certaines d'entre elles permettent Ć un attaquant de provoquer une exĆ©cution de code arbitraire Ć distance, une Ć©lĆ©vation de privilĆØges et un dĆ©ni de service Ć distance.
Solutions
Se rƩfƩrer au bulletin de sƩcuritƩ de l'Ʃditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antĆ©rieures Ć 12.0.4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antĆ©rieures Ć 6.1.0.2 ifix 01 | ||
| IBM | QRadar SIEM | Security QRadar Log Management AQL Plugin versions antĆ©rieures Ć 1.1.0 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antĆ©rieures Ć 6.0.3.1 (fixpack) GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antĆ©rieures Ć 11.2.4 FP5 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antĆ©rieures Ć 6.1.0.1 (fixpack) GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antĆ©rieures Ć 6.2.0.0 ifix 01 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antĆ©rieures Ć 6.3.0.11_ifix001 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2023-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2018-15209",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2018-17100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2022-34266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
},
{
"name": "CVE-2020-35521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2024-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2019-6128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2024-45082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
},
{
"name": "CVE-2017-11613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2024-41752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
},
{
"name": "CVE-2023-50447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"name": "CVE-2018-18508",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2014-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
},
{
"name": "CVE-2023-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2023-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2019-17007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2023-38289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2015-7182",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2018-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2020-19144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2017-12627",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
},
{
"name": "CVE-2018-17101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2020-26261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
},
{
"name": "CVE-2023-24816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2019-17546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2022-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2020-15110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
},
{
"name": "CVE-2023-25435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2017-18869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2022-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
},
{
"name": "CVE-2018-7456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
},
{
"name": "CVE-2023-38288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2017-18013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2016-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
},
{
"name": "CVE-2017-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2024-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"name": "CVE-2019-14973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
},
{
"name": "CVE-2020-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-19131",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
},
{
"name": "CVE-2015-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2018-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
},
{
"name": "CVE-2018-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2020-35523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2024-34102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2021-32862",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2024-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
},
{
"name": "CVE-2024-25016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2023-25434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
},
{
"name": "CVE-2024-29896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
},
{
"name": "CVE-2015-7181",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
},
{
"name": "CVE-2020-18768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2017-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
},
{
"name": "CVE-2014-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2017-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2017-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2018-19210",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
},
{
"name": "CVE-2013-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-10255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2020-35524",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-35522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2017-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
"url": "https://www.ibm.com/support/pages/node/7177142"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
"url": "https://www.ibm.com/support/pages/node/7177223"
},
{
"published_at": "2024-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
"url": "https://www.ibm.com/support/pages/node/7179044"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
"url": "https://www.ibm.com/support/pages/node/7179156"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
"url": "https://www.ibm.com/support/pages/node/7179166"
},
{
"published_at": "2024-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
"url": "https://www.ibm.com/support/pages/node/7178835"
}
]
}
RHSA-2022:0818
Vulnerability from csaf_redhat - Published: 2022-03-10 15:22 - Updated: 2026-01-27 09:13Summary
Red Hat Security Advisory: firefox security update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 91.7.0 ESR.
Security Fix(es):
* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)
* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* Mozilla: Use-after-free in text reflows (CVE-2022-26381)
* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)
* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)
* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)
* Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 91.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0818",
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "2061735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061735"
},
{
"category": "external",
"summary": "2061736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061736"
},
{
"category": "external",
"summary": "2062220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062220"
},
{
"category": "external",
"summary": "2062221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062221"
},
{
"category": "external",
"summary": "2062222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062222"
},
{
"category": "external",
"summary": "2062223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062223"
},
{
"category": "external",
"summary": "2062224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062224"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0818.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2026-01-27T09:13:55+00:00",
"generator": {
"date": "2026-01-27T09:13:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:0818",
"initial_release_date": "2022-03-10T15:22:06+00:00",
"revision_history": [
{
"date": "2022-03-10T15:22:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-10T15:22:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-27T09:13:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el8_5.src",
"product": {
"name": "firefox-0:91.7.0-3.el8_5.src",
"product_id": "firefox-0:91.7.0-3.el8_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el8_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el8_5.aarch64",
"product": {
"name": "firefox-0:91.7.0-3.el8_5.aarch64",
"product_id": "firefox-0:91.7.0-3.el8_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el8_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"product": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"product_id": "firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@91.7.0-3.el8_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"product_id": "firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el8_5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el8_5.ppc64le",
"product": {
"name": "firefox-0:91.7.0-3.el8_5.ppc64le",
"product_id": "firefox-0:91.7.0-3.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"product": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"product_id": "firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@91.7.0-3.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"product_id": "firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el8_5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el8_5.x86_64",
"product": {
"name": "firefox-0:91.7.0-3.el8_5.x86_64",
"product_id": "firefox-0:91.7.0-3.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:91.7.0-3.el8_5.x86_64",
"product": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.x86_64",
"product_id": "firefox-debugsource-0:91.7.0-3.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@91.7.0-3.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"product_id": "firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el8_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el8_5.s390x",
"product": {
"name": "firefox-0:91.7.0-3.el8_5.s390x",
"product_id": "firefox-0:91.7.0-3.el8_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el8_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"product": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"product_id": "firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@91.7.0-3.el8_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"product_id": "firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el8_5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el8_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64"
},
"product_reference": "firefox-0:91.7.0-3.el8_5.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el8_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le"
},
"product_reference": "firefox-0:91.7.0-3.el8_5.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el8_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x"
},
"product_reference": "firefox-0:91.7.0-3.el8_5.s390x",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src"
},
"product_reference": "firefox-0:91.7.0-3.el8_5.src",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64"
},
"product_reference": "firefox-0:91.7.0-3.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64"
},
"product_reference": "firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le"
},
"product_reference": "firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x"
},
"product_reference": "firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:91.7.0-3.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
},
"product_reference": "firefox-debugsource-0:91.7.0-3.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
},
{
"cve": "CVE-2022-26381",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062223"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in text reflows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26381"
},
{
"category": "external",
"summary": "RHBZ#2062223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26381"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26381",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26381"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in text reflows"
},
{
"cve": "CVE-2022-26383",
"cwe": {
"id": "CWE-449",
"name": "The UI Performs the Wrong Action"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Browser window spoof using fullscreen mode",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26383"
},
{
"category": "external",
"summary": "RHBZ#2062220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26383"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Browser window spoof using fullscreen mode"
},
{
"cve": "CVE-2022-26384",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062221"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nIf an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: iframe allow-scripts sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26384"
},
{
"category": "external",
"summary": "RHBZ#2062221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26384",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26384"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: iframe allow-scripts sandbox bypass"
},
{
"cve": "CVE-2022-26386",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062224"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Temporary files downloaded to /tmp and accessible by other local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26386"
},
{
"category": "external",
"summary": "RHBZ#2062224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26386",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26386"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Temporary files downloaded to /tmp and accessible by other local users"
},
{
"cve": "CVE-2022-26387",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062222"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox would not have noticed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Time-of-check time-of-use bug when verifying add-on signatures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26387"
},
{
"category": "external",
"summary": "RHBZ#2062222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26387",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26387"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Time-of-check time-of-use bug when verifying add-on signatures"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Wang Gang, Liu Jialei, Du Sihang, Huang Yi \u0026 Yang Kang of 360 ATA"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-26485",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061736"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in XSLT parameter processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26485"
},
{
"category": "external",
"summary": "RHBZ#2061736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26485"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-07T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free in XSLT parameter processing"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Wang Gang, Liu Jialei, Du Sihang, Huang Yi \u0026 Yang Kang of 360 ATA"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-26486",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061735"
}
],
"notes": [
{
"category": "description",
"text": "An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebGPU IPC Framework",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26486"
},
{
"category": "external",
"summary": "RHBZ#2061735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T15:22:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0818"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.src",
"AppStream-8.5.0.Z.MAIN:firefox-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debuginfo-0:91.7.0-3.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:firefox-debugsource-0:91.7.0-3.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-07T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free in WebGPU IPC Framework"
}
]
}
RHSA-2022_1069
Vulnerability from csaf_redhat - Published: 2022-03-28 12:01 - Updated: 2024-11-22 18:31Summary
Red Hat Security Advisory: expat security update
Notes
Topic
An update for expat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for expat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1069",
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1069.json"
}
],
"title": "Red Hat Security Advisory: expat security update",
"tracking": {
"current_release_date": "2024-11-22T18:31:36+00:00",
"generator": {
"date": "2024-11-22T18:31:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:1069",
"initial_release_date": "2022-03-28T12:01:28+00:00",
"revision_history": [
{
"date": "2022-03-28T12:01:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-28T12:01:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:31:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.src",
"product": {
"name": "expat-0:2.1.0-14.el7_9.src",
"product_id": "expat-0:2.1.0-14.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-0:2.1.0-14.el7_9.i686",
"product_id": "expat-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686",
"product_id": "expat-devel-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.i686",
"product_id": "expat-static-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-static-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-devel-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-static-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-static-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-0:2.1.0-14.el7_9.s390",
"product_id": "expat-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390",
"product_id": "expat-devel-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.s390",
"product_id": "expat-static-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-devel-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-static-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044613"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in function XML_GetBuffer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"category": "external",
"summary": "RHBZ#2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/550",
"url": "https://github.com/libexpat/libexpat/pull/550"
}
],
"release_date": "2022-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in function XML_GetBuffer"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
}
]
}
RHSA-2025:22785
Vulnerability from csaf_redhat - Published: 2025-12-04 23:12 - Updated: 2026-02-27 16:35Summary
Red Hat Security Advisory: expat security update
Notes
Topic
An update for expat is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: internal entity expansion (CVE-2013-0340)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: integer overflow in the doProlog function (CVE-2022-23990)
* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: Integer overflow in copyString() (CVE-2022-25314)
* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)
* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)
* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for expat is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: internal entity expansion (CVE-2013-0340)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\n* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: Integer overflow in copyString() (CVE-2022-25314)\n\n* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)\n\n* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)\n\n* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22785",
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1000109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "2140059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059"
},
{
"category": "external",
"summary": "2262877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877"
},
{
"category": "external",
"summary": "2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22785.json"
}
],
"title": "Red Hat Security Advisory: expat security update",
"tracking": {
"current_release_date": "2026-02-27T16:35:36+00:00",
"generator": {
"date": "2026-02-27T16:35:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2025:22785",
"initial_release_date": "2025-12-04T23:12:47+00:00",
"revision_history": [
{
"date": "2025-12-04T23:12:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-04T23:12:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T16:35:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.10-1.el8_4.src",
"product": {
"name": "expat-0:2.2.10-1.el8_4.src",
"product_id": "expat-0:2.2.10-1.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-1.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.10-1.el8_4.i686",
"product": {
"name": "expat-0:2.2.10-1.el8_4.i686",
"product_id": "expat-0:2.2.10-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-1.el8_4.i686",
"product": {
"name": "expat-devel-0:2.2.10-1.el8_4.i686",
"product_id": "expat-devel-0:2.2.10-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-1.el8_4.i686",
"product": {
"name": "expat-debugsource-0:2.2.10-1.el8_4.i686",
"product_id": "expat-debugsource-0:2.2.10-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-1.el8_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-1.el8_4.i686",
"product": {
"name": "expat-debuginfo-0:2.2.10-1.el8_4.i686",
"product_id": "expat-debuginfo-0:2.2.10-1.el8_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-1.el8_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.10-1.el8_4.x86_64",
"product": {
"name": "expat-0:2.2.10-1.el8_4.x86_64",
"product_id": "expat-0:2.2.10-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-1.el8_4.x86_64",
"product": {
"name": "expat-devel-0:2.2.10-1.el8_4.x86_64",
"product_id": "expat-devel-0:2.2.10-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"product": {
"name": "expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"product_id": "expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-1.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"product": {
"name": "expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"product_id": "expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-1.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_4.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src"
},
"product_reference": "expat-0:2.2.10-1.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-debuginfo-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-debugsource-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-devel-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-devel-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_4.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src"
},
"product_reference": "expat-0:2.2.10-1.el8_4.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-debuginfo-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-debugsource-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-1.el8_4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686"
},
"product_reference": "expat-devel-0:2.2.10-1.el8_4.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-1.el8_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
},
"product_reference": "expat-devel-0:2.2.10-1.el8_4.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0340",
"discovery_date": "2013-02-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1000109"
}
],
"notes": [
{
"category": "description",
"text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: internal entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0340"
},
{
"category": "external",
"summary": "RHBZ#1000109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340"
}
],
"release_date": "2013-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: internal entity expansion"
},
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this CVE based on the configurations of a default install in the context of SELinux enforcement and services run as non privileged users.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23990",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048356"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: integer overflow in the doProlog function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security marked this flaw as Moderate Impact because the vulnerability includes a flaw that is present in a program\u2019s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23990"
},
{
"category": "external",
"summary": "RHBZ#2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
}
],
"release_date": "2022-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: integer overflow in the doProlog function"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056350"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Stack exhaustion in doctype parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications which only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25313"
},
{
"category": "external",
"summary": "RHBZ#2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Stack exhaustion in doctype parsing"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056354"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded (rather than user input), takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in copyString()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a severity of Moderate. The encoding name parameter is often hard-coded (rather than user input) and it would take a value in the gigabytes for the name to trigger this issue. The versions of `expat` as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include the vulnerable copyString() function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25314"
},
{
"category": "external",
"summary": "RHBZ#2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in copyString()"
},
{
"cve": "CVE-2022-43680",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-11-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140059"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability can only happen under special (out-of-memory) conditions, thus it is not possible to exploit on every possible system that has expat installed. Additionally as the flaw is only capable of causing a Denial of Service, Red Hat rates the impact as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-43680"
},
{
"category": "external",
"summary": "RHBZ#2140059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/649",
"url": "https://github.com/libexpat/libexpat/issues/649"
}
],
"release_date": "2022-10-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262877"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: parsing large tokens can trigger a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified flaw in Expat presents a moderate severity issue due to its potential to facilitate resource exhaustion attacks, particularly in scenarios involving parsing large tokens requiring multiple buffer fills. As Expat repeatedly re-parses such tokens from the beginning, it results in disproportionate resource consumption, leading to a denial-of-service (DoS) condition. While the impact is significant, the exploitation requires specific conditions, such as parsing large tokens, which may not always align with typical usage patterns.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "RHBZ#2262877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
}
],
"release_date": "2024-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: parsing large tokens can trigger a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Tomas Korbar",
"Sandipan Roy"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Sebastian Pipping"
],
"organization": "libexpat"
}
],
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-06-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310137"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All supported Red Hat offerings are built with the compilation flag (-fstack-clash-protection) which reduces the impact to Moderate. This build configuration blocks the possibility of an attacker gaining arbitrary code execution even if a stack-clash vulnerability, like this one, could be exploited.\n\nThis vulnerability is rated Moderate because Red Hat builds use the `-fstack-clash-protection` compiler flag, which mitigates the risk of arbitrary code execution from stack overflows. While the flaw allows a crash via uncontrolled recursion in XML parsing, the hardened stack layout prevents reliable memory corruption, limiting the impact to a Denial of Service (DoS) scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "RHBZ#2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/893",
"url": "https://github.com/libexpat/libexpat/issues/893"
}
],
"release_date": "2025-03-13T13:51:54.957000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"known_not_affected": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-04T23:12:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.AUS:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.AUS:expat-devel-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debuginfo-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-debugsource-0:2.2.10-1.el8_4.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:expat-devel-0:2.2.10-1.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2025:22871
Vulnerability from csaf_redhat - Published: 2025-12-09 08:32 - Updated: 2026-02-27 16:35Summary
Red Hat Security Advisory: expat security update
Notes
Topic
An update for expat is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: internal entity expansion (CVE-2013-0340)
* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: integer overflow in the doProlog function (CVE-2022-23990)
* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: Integer overflow in copyString() (CVE-2022-25314)
* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)
* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)
* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for expat is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: internal entity expansion (CVE-2013-0340)\n\n* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)\n\n* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\n* expat: Stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: Integer overflow in copyString() (CVE-2022-25314)\n\n* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)\n\n* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)\n\n* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:22871",
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1000109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109"
},
{
"category": "external",
"summary": "1723723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723"
},
{
"category": "external",
"summary": "1752592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "2140059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059"
},
{
"category": "external",
"summary": "2262877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877"
},
{
"category": "external",
"summary": "2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22871.json"
}
],
"title": "Red Hat Security Advisory: expat security update",
"tracking": {
"current_release_date": "2026-02-27T16:35:38+00:00",
"generator": {
"date": "2026-02-27T16:35:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2025:22871",
"initial_release_date": "2025-12-09T08:32:00+00:00",
"revision_history": [
{
"date": "2025-12-09T08:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-09T08:32:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T16:35:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.10-1.el8_2.src",
"product": {
"name": "expat-0:2.2.10-1.el8_2.src",
"product_id": "expat-0:2.2.10-1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.10-1.el8_2.i686",
"product": {
"name": "expat-0:2.2.10-1.el8_2.i686",
"product_id": "expat-0:2.2.10-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-1.el8_2.i686",
"product": {
"name": "expat-devel-0:2.2.10-1.el8_2.i686",
"product_id": "expat-devel-0:2.2.10-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-1.el8_2.i686",
"product": {
"name": "expat-debugsource-0:2.2.10-1.el8_2.i686",
"product_id": "expat-debugsource-0:2.2.10-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-1.el8_2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-1.el8_2.i686",
"product": {
"name": "expat-debuginfo-0:2.2.10-1.el8_2.i686",
"product_id": "expat-debuginfo-0:2.2.10-1.el8_2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-1.el8_2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.10-1.el8_2.x86_64",
"product": {
"name": "expat-0:2.2.10-1.el8_2.x86_64",
"product_id": "expat-0:2.2.10-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-1.el8_2.x86_64",
"product": {
"name": "expat-devel-0:2.2.10-1.el8_2.x86_64",
"product_id": "expat-devel-0:2.2.10-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"product": {
"name": "expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"product_id": "expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"product": {
"name": "expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"product_id": "expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686"
},
"product_reference": "expat-0:2.2.10-1.el8_2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src"
},
"product_reference": "expat-0:2.2.10-1.el8_2.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
},
"product_reference": "expat-0:2.2.10-1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-1.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686"
},
"product_reference": "expat-debuginfo-0:2.2.10-1.el8_2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64"
},
"product_reference": "expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-1.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686"
},
"product_reference": "expat-debugsource-0:2.2.10-1.el8_2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64"
},
"product_reference": "expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-1.el8_2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686"
},
"product_reference": "expat-devel-0:2.2.10-1.el8_2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
},
"product_reference": "expat-devel-0:2.2.10-1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0340",
"discovery_date": "2013-02-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1000109"
}
],
"notes": [
{
"category": "description",
"text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: internal entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0340"
},
{
"category": "external",
"summary": "RHBZ#1000109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340"
}
],
"release_date": "2013-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: internal entity expansion"
},
{
"cve": "CVE-2018-20843",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-06-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1723723"
}
],
"notes": [
{
"category": "description",
"text": "It was discovered that the \"setElementTypePrefix()\" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "When processing a specially crafted XML file, expat may use more memory than ultimately necessary, which can also lead to increased CPU usage and longer processing times. Depending on available system resources and configuration, this may also lead to the application triggering the Out-Of-Memory-Killer, causing the application to be terminated.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-20843"
},
{
"category": "external",
"summary": "RHBZ#1723723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1723723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-20843"
},
{
"category": "external",
"summary": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031"
}
],
"release_date": "2019-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: large number of colons in input makes parser consume high amount of resources, leading to DoS"
},
{
"cve": "CVE-2019-15903",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-09-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1752592"
}
],
"notes": [
{
"category": "description",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: heap-based buffer over-read via crafted XML input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "RHBZ#1752592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
}
],
"release_date": "2019-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "expat: heap-based buffer over-read via crafted XML input"
},
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this CVE based on the configurations of a default install in the context of SELinux enforcement and services run as non privileged users.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23990",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048356"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: integer overflow in the doProlog function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security marked this flaw as Moderate Impact because the vulnerability includes a flaw that is present in a program\u2019s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23990"
},
{
"category": "external",
"summary": "RHBZ#2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
}
],
"release_date": "2022-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: integer overflow in the doProlog function"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056350"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Stack exhaustion in doctype parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications which only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25313"
},
{
"category": "external",
"summary": "RHBZ#2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Stack exhaustion in doctype parsing"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056354"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded (rather than user input), takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in copyString()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a severity of Moderate. The encoding name parameter is often hard-coded (rather than user input) and it would take a value in the gigabytes for the name to trigger this issue. The versions of `expat` as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include the vulnerable copyString() function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25314"
},
{
"category": "external",
"summary": "RHBZ#2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in copyString()"
},
{
"cve": "CVE-2022-43680",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-11-04T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140059"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability can only happen under special (out-of-memory) conditions, thus it is not possible to exploit on every possible system that has expat installed. Additionally as the flaw is only capable of causing a Denial of Service, Red Hat rates the impact as Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-43680"
},
{
"category": "external",
"summary": "RHBZ#2140059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-43680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/649",
"url": "https://github.com/libexpat/libexpat/issues/649"
}
],
"release_date": "2022-10-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate"
},
{
"cve": "CVE-2023-52425",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-05T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262877"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: parsing large tokens can trigger a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified flaw in Expat presents a moderate severity issue due to its potential to facilitate resource exhaustion attacks, particularly in scenarios involving parsing large tokens requiring multiple buffer fills. As Expat repeatedly re-parses such tokens from the beginning, it results in disproportionate resource consumption, leading to a denial-of-service (DoS) condition. While the impact is significant, the exploitation requires specific conditions, such as parsing large tokens, which may not always align with typical usage patterns.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "RHBZ#2262877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
}
],
"release_date": "2024-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: parsing large tokens can trigger a denial of service"
},
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Tomas Korbar",
"Sandipan Roy"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
},
{
"names": [
"Sebastian Pipping"
],
"organization": "libexpat"
}
],
"cve": "CVE-2024-8176",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-06-12T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310137"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "All supported Red Hat offerings are built with the compilation flag (-fstack-clash-protection) which reduces the impact to Moderate. This build configuration blocks the possibility of an attacker gaining arbitrary code execution even if a stack-clash vulnerability, like this one, could be exploited.\n\nThis vulnerability is rated Moderate because Red Hat builds use the `-fstack-clash-protection` compiler flag, which mitigates the risk of arbitrary code execution from stack overflows. While the flaw allows a crash via uncontrolled recursion in XML parsing, the hardened stack layout prevents reliable memory corruption, limiting the impact to a Denial of Service (DoS) scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "RHBZ#2310137",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8176"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/893",
"url": "https://github.com/libexpat/libexpat/issues/893"
}
],
"release_date": "2025-03-13T13:51:54.957000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"known_not_affected": [
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-09T08:32:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:expat-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debuginfo-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-debugsource-0:2.2.10-1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.i686",
"BaseOS-8.2.0.Z.AUS:expat-devel-0:2.2.10-1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2022:0824
Vulnerability from csaf_redhat - Published: 2022-03-10 16:37 - Updated: 2026-01-27 09:13Summary
Red Hat Security Advisory: firefox security and bug fix update
Notes
Topic
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 91.7.0 ESR.
Security Fix(es):
* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)
* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* Mozilla: Use-after-free in text reflows (CVE-2022-26381)
* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)
* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)
* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)
* Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 91.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Firefox 91.3.0-1 Language packs installed at /usr/lib64/firefox/langpacks cannot be used any more (BZ#2030190)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0824",
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2030190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030190"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "2061735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061735"
},
{
"category": "external",
"summary": "2061736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061736"
},
{
"category": "external",
"summary": "2062220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062220"
},
{
"category": "external",
"summary": "2062221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062221"
},
{
"category": "external",
"summary": "2062222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062222"
},
{
"category": "external",
"summary": "2062223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062223"
},
{
"category": "external",
"summary": "2062224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062224"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0824.json"
}
],
"title": "Red Hat Security Advisory: firefox security and bug fix update",
"tracking": {
"current_release_date": "2026-01-27T09:13:52+00:00",
"generator": {
"date": "2026-01-27T09:13:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:0824",
"initial_release_date": "2022-03-10T16:37:02+00:00",
"revision_history": [
{
"date": "2022-03-10T16:37:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-10T16:37:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-27T09:13:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el7_9.src",
"product": {
"name": "firefox-0:91.7.0-3.el7_9.src",
"product_id": "firefox-0:91.7.0-3.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el7_9.x86_64",
"product": {
"name": "firefox-0:91.7.0-3.el7_9.x86_64",
"product_id": "firefox-0:91.7.0-3.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"product_id": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el7_9.i686",
"product": {
"name": "firefox-0:91.7.0-3.el7_9.i686",
"product_id": "firefox-0:91.7.0-3.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el7_9.s390x",
"product": {
"name": "firefox-0:91.7.0-3.el7_9.s390x",
"product_id": "firefox-0:91.7.0-3.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"product_id": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el7_9.ppc64le",
"product": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64le",
"product_id": "firefox-0:91.7.0-3.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"product_id": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:91.7.0-3.el7_9.ppc64",
"product": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64",
"product_id": "firefox-0:91.7.0-3.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@91.7.0-3.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"product": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"product_id": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@91.7.0-3.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
},
{
"cve": "CVE-2022-26381",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062223"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in text reflows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26381"
},
{
"category": "external",
"summary": "RHBZ#2062223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26381"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26381",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26381"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in text reflows"
},
{
"cve": "CVE-2022-26383",
"cwe": {
"id": "CWE-449",
"name": "The UI Performs the Wrong Action"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Browser window spoof using fullscreen mode",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26383"
},
{
"category": "external",
"summary": "RHBZ#2062220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26383"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Browser window spoof using fullscreen mode"
},
{
"cve": "CVE-2022-26384",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062221"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nIf an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: iframe allow-scripts sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26384"
},
{
"category": "external",
"summary": "RHBZ#2062221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26384",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26384"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: iframe allow-scripts sandbox bypass"
},
{
"cve": "CVE-2022-26386",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062224"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Temporary files downloaded to /tmp and accessible by other local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26386"
},
{
"category": "external",
"summary": "RHBZ#2062224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26386",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26386"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Temporary files downloaded to /tmp and accessible by other local users"
},
{
"cve": "CVE-2022-26387",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062222"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox would not have noticed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Time-of-check time-of-use bug when verifying add-on signatures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26387"
},
{
"category": "external",
"summary": "RHBZ#2062222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26387",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26387"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Time-of-check time-of-use bug when verifying add-on signatures"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Wang Gang, Liu Jialei, Du Sihang, Huang Yi \u0026 Yang Kang of 360 ATA"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-26485",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061736"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in XSLT parameter processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26485"
},
{
"category": "external",
"summary": "RHBZ#2061736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26485"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-07T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free in XSLT parameter processing"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Wang Gang, Liu Jialei, Du Sihang, Huang Yi \u0026 Yang Kang of 360 ATA"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-26486",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061735"
}
],
"notes": [
{
"category": "description",
"text": "An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebGPU IPC Framework",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26486"
},
{
"category": "external",
"summary": "RHBZ#2061735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-10T16:37:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0824"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:91.7.0-3.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:91.7.0-3.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-07T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Use-after-free in WebGPU IPC Framework"
}
]
}
RHSA-2022:7692
Vulnerability from csaf_redhat - Published: 2022-11-08 10:01 - Updated: 2025-12-26 15:21Summary
Red Hat Security Advisory: xmlrpc-c security update
Notes
Topic
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.\n\nSecurity Fix(es):\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7692",
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7692.json"
}
],
"title": "Red Hat Security Advisory: xmlrpc-c security update",
"tracking": {
"current_release_date": "2025-12-26T15:21:37+00:00",
"generator": {
"date": "2025-12-26T15:21:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2022:7692",
"initial_release_date": "2022-11-08T10:01:55+00:00",
"revision_history": [
{
"date": "2022-11-08T10:01:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-08T10:01:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-26T15:21:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.src",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.src",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.src",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.src",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
}
]
}
RHSA-2022_7692
Vulnerability from csaf_redhat - Published: 2022-11-08 10:01 - Updated: 2024-11-22 18:32Summary
Red Hat Security Advisory: xmlrpc-c security update
Notes
Topic
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.\n\nSecurity Fix(es):\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7692",
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7692.json"
}
],
"title": "Red Hat Security Advisory: xmlrpc-c security update",
"tracking": {
"current_release_date": "2024-11-22T18:32:01+00:00",
"generator": {
"date": "2024-11-22T18:32:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:7692",
"initial_release_date": "2022-11-08T10:01:55+00:00",
"revision_history": [
{
"date": "2022-11-08T10:01:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-08T10:01:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:32:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product": {
"name": "Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.src",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.src",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debugsource@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-apps-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-debuginfo@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-c%2B%2B@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-client%2B%2B@1.51.0-8.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"product": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"product_id": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xmlrpc-c-devel@1.51.0-8.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.src",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "BaseOS-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.src as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.src",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.i686 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"relates_to_product_reference": "CRB-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64 as a component of Red Hat CodeReady Linux Builder (v. 8)",
"product_id": "CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
},
"product_reference": "xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"relates_to_product_reference": "CRB-8.7.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:01:55+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"BaseOS-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"BaseOS-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.src",
"CRB-8.7.0.GA:xmlrpc-c-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-apps-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-c++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client++-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-client-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debuginfo-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-debugsource-0:1.51.0-8.el8.x86_64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.aarch64",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.i686",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.ppc64le",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.s390x",
"CRB-8.7.0.GA:xmlrpc-c-devel-0:1.51.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
}
]
}
RHSA-2022:1069
Vulnerability from csaf_redhat - Published: 2022-03-28 12:01 - Updated: 2026-02-24 06:42Summary
Red Hat Security Advisory: expat security update
Notes
Topic
An update for expat is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for expat is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:1069",
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_1069.json"
}
],
"title": "Red Hat Security Advisory: expat security update",
"tracking": {
"current_release_date": "2026-02-24T06:42:48+00:00",
"generator": {
"date": "2026-02-24T06:42:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2022:1069",
"initial_release_date": "2022-03-28T12:01:28+00:00",
"revision_history": [
{
"date": "2022-03-28T12:01:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-28T12:01:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-24T06:42:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::computenode"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.src",
"product": {
"name": "expat-0:2.1.0-14.el7_9.src",
"product_id": "expat-0:2.1.0-14.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-0:2.1.0-14.el7_9.i686",
"product_id": "expat-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686",
"product_id": "expat-devel-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.i686",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.i686",
"product_id": "expat-static-0:2.1.0-14.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.x86_64",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64",
"product_id": "expat-static-0:2.1.0-14.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-devel-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.ppc",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc",
"product_id": "expat-static-0:2.1.0-14.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.ppc64",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64",
"product_id": "expat-static-0:2.1.0-14.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-0:2.1.0-14.el7_9.s390",
"product_id": "expat-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390",
"product_id": "expat-devel-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.s390",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.s390",
"product_id": "expat-static-0:2.1.0-14.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-devel-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.s390x",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x",
"product_id": "expat-static-0:2.1.0-14.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.1.0-14.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.1.0-14.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.1.0-14.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"product": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"product_id": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-static@2.1.0-14.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux ComputeNode Optional (v. 7)",
"product_id": "7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src"
},
"product_reference": "expat-0:2.1.0-14.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-devel-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-static-0:2.1.0-14.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
},
"product_reference": "expat-static-0:2.1.0-14.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this CVE based on the configurations of a default install in the context of SELinux enforcement and services run as non privileged users.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044613"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in function XML_GetBuffer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"category": "external",
"summary": "RHBZ#2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/550",
"url": "https://github.com/libexpat/libexpat/pull/550"
}
],
"release_date": "2022-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in function XML_GetBuffer"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-28T12:01:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:1069"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Client-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Client-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7ComputeNode-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7ComputeNode-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Server-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Server-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.src",
"7Workstation-optional-7.9.Z:expat-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-debuginfo-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-devel-0:2.1.0-14.el7_9.x86_64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.i686",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.s390x",
"7Workstation-optional-7.9.Z:expat-static-0:2.1.0-14.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
}
]
}
RHSA-2022_0951
Vulnerability from csaf_redhat - Published: 2022-03-16 16:21 - Updated: 2024-11-22 18:31Summary
Red Hat Security Advisory: expat security update
Notes
Topic
An update for expat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for expat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0951",
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0951.json"
}
],
"title": "Red Hat Security Advisory: expat security update",
"tracking": {
"current_release_date": "2024-11-22T18:31:27+00:00",
"generator": {
"date": "2024-11-22T18:31:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:0951",
"initial_release_date": "2022-03-16T16:21:41+00:00",
"revision_history": [
{
"date": "2022-03-16T16:21:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-16T16:21:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:31:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.src",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.src",
"product_id": "expat-0:2.2.5-4.el8_5.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.src",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044613"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in function XML_GetBuffer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"category": "external",
"summary": "RHBZ#2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/550",
"url": "https://github.com/libexpat/libexpat/pull/550"
}
],
"release_date": "2022-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in function XML_GetBuffer"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
}
]
}
RHSA-2022:7144
Vulnerability from csaf_redhat - Published: 2022-10-26 20:05 - Updated: 2026-02-24 06:42Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
* expat: stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: integer overflow in copyString() (CVE-2022-25314)
* expat: integer overflow in the doProlog function (CVE-2022-23990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\n* expat: stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: integer overflow in copyString() (CVE-2022-25314)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7144",
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1966728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728"
},
{
"category": "external",
"summary": "2005119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119"
},
{
"category": "external",
"summary": "2005124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124"
},
{
"category": "external",
"summary": "2010934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934"
},
{
"category": "external",
"summary": "2034672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "2067945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067945"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7144.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"tracking": {
"current_release_date": "2026-02-24T06:42:50+00:00",
"generator": {
"date": "2026-02-24T06:42:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2022:7144",
"initial_release_date": "2022-10-26T20:05:57+00:00",
"revision_history": [
{
"date": "2022-10-26T20:05:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-07T10:20:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-24T06:42:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25032",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2022-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067945"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug was introduced in zlib v1.2.2.2 through zlib v1.2.11, with the addition of the Z_FIXED option, which forces the use of fixed Huffman codes, rather than dynamic Huffman codes, allowing for a simpler decoder for special applications.\n\nThis bug is difficult to trigger, as Z_FIXED is usually only used in special circumstances.\n\nRsync does the compression in-transit using zlib. As rsync uses vulnerable zlib v1.2.8 package, which incorrectly handles memory when performing certain zlib compressing or deflating operations. This results in rsync to crash.\n\nNote - The issue wasn\u0027t publicly labelled as security vulnerability until 2022, but the fix was public since 2018.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25032"
},
{
"category": "external",
"summary": "RHBZ#2067945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032"
}
],
"release_date": "2018-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs"
},
{
"cve": "CVE-2021-33193",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1966728"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Request splitting via HTTP/2 method injection and mod_proxy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33193"
},
{
"category": "external",
"summary": "RHBZ#1966728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193"
},
{
"category": "external",
"summary": "https://portswigger.net/research/http2",
"url": "https://portswigger.net/research/http2"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. More information available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Request splitting via HTTP/2 method injection and mod_proxy"
},
{
"cve": "CVE-2021-36160",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2005124"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36160"
},
{
"category": "external",
"summary": "RHBZ#2005124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160"
}
],
"release_date": "2021-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path"
},
{
"cve": "CVE-2021-39275",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2005119"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections pass untrusted data to ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-39275"
},
{
"category": "external",
"summary": "RHBZ#2005119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275"
}
],
"release_date": "2021-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input"
},
{
"cve": "CVE-2021-41524",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-10-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010934"
}
],
"notes": [
{
"category": "description",
"text": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects Apache HTTP Server 2.4.49 and Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP9, earlier versions are not affected. Therefore this issue does not affect the other versions of Apache HTTP Server shipped with Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41524"
},
{
"category": "external",
"summary": "RHBZ#2010934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2021-10-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing"
},
{
"cve": "CVE-2021-44224",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2021-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034672"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a null pointer dereference and server-side request forgery flaw in httpd\u0027s mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could cause a denial of service or compromise to confidentiality of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible NULL dereference or SSRF in forward proxy configurations",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect httpd configurations that do not use forward proxy functionality (configurations where ProxyRequests is turned off).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44224"
},
{
"category": "external",
"summary": "RHBZ#2034672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224"
},
{
"category": "external",
"summary": "http://httpd.apache.org/security/vulnerabilities_24.html",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2021-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: possible NULL dereference or SSRF in forward proxy configurations"
},
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this CVE based on the configurations of a default install in the context of SELinux enforcement and services run as non privileged users.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044613"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in function XML_GetBuffer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"category": "external",
"summary": "RHBZ#2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/550",
"url": "https://github.com/libexpat/libexpat/pull/550"
}
],
"release_date": "2022-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in function XML_GetBuffer"
},
{
"cve": "CVE-2022-23990",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048356"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: integer overflow in the doProlog function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security marked this flaw as Moderate Impact because the vulnerability includes a flaw that is present in a program\u2019s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23990"
},
{
"category": "external",
"summary": "RHBZ#2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
}
],
"release_date": "2022-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: integer overflow in the doProlog function"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056350"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Stack exhaustion in doctype parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications which only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25313"
},
{
"category": "external",
"summary": "RHBZ#2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Stack exhaustion in doctype parsing"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056354"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded (rather than user input), takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in copyString()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a severity of Moderate. The encoding name parameter is often hard-coded (rather than user input) and it would take a value in the gigabytes for the name to trigger this issue. The versions of `expat` as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include the vulnerable copyString() function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25314"
},
{
"category": "external",
"summary": "RHBZ#2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in copyString()"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
}
]
}
RHSA-2022:0951
Vulnerability from csaf_redhat - Published: 2022-03-16 16:21 - Updated: 2026-02-24 06:42Summary
Red Hat Security Advisory: expat security update
Notes
Topic
An update for expat is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for expat is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Expat is a C library for parsing XML documents.\n\nSecurity Fix(es):\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0951",
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0951.json"
}
],
"title": "Red Hat Security Advisory: expat security update",
"tracking": {
"current_release_date": "2026-02-24T06:42:48+00:00",
"generator": {
"date": "2026-02-24T06:42:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2022:0951",
"initial_release_date": "2022-03-16T16:21:41+00:00",
"revision_history": [
{
"date": "2022-03-16T16:21:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-16T16:21:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-24T06:42:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.src",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.src",
"product_id": "expat-0:2.2.5-4.el8_5.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.5-4.el8_5.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.5-4.el8_5.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.5-4.el8_5.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"product": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"product_id": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.5-4.el8_5.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.src",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.i686",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.s390x",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.5-4.el8_5.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
},
"product_reference": "expat-devel-0:2.2.5-4.el8_5.3.x86_64",
"relates_to_product_reference": "BaseOS-8.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this CVE based on the configurations of a default install in the context of SELinux enforcement and services run as non privileged users.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044613"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in function XML_GetBuffer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"category": "external",
"summary": "RHBZ#2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/550",
"url": "https://github.com/libexpat/libexpat/pull/550"
}
],
"release_date": "2022-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in function XML_GetBuffer"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-16T16:21:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, applications using the Expat library must be restarted for the update to take effect.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0951"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.src",
"BaseOS-8.5.0.Z.MAIN:expat-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debuginfo-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-debugsource-0:2.2.5-4.el8_5.3.x86_64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.aarch64",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.i686",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.ppc64le",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.s390x",
"BaseOS-8.5.0.Z.MAIN:expat-devel-0:2.2.5-4.el8_5.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
}
]
}
RHSA-2022_7144
Vulnerability from csaf_redhat - Published: 2022-10-26 20:05 - Updated: 2024-11-22 18:32Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update
Notes
Topic
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)
* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)
* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)
* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)
* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)
* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)
* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)
* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)
* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)
* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)
* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)
* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)
* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)
* expat: stack exhaustion in doctype parsing (CVE-2022-25313)
* expat: integer overflow in copyString() (CVE-2022-25314)
* expat: integer overflow in the doProlog function (CVE-2022-23990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Core Services.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* httpd: Request splitting via HTTP/2 method injection and mod_proxy (CVE-2021-33193)\n\n* httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path (CVE-2021-36160)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)\n\n* httpd: NULL pointer dereference via crafted request during HTTP/2 request processing (CVE-2021-41524)\n\n* httpd: possible NULL dereference or SSRF in forward proxy configurations (CVE-2021-44224)\n\n* expat: Large number of prefixed XML attributes on a single tag can crash libexpat (CVE-2021-45960)\n\n* expat: Integer overflow in doProlog in xmlparse.c (CVE-2021-46143)\n\n* expat: Integer overflow in addBinding in xmlparse.c (CVE-2022-22822)\n\n* expat: Integer overflow in build_model in xmlparse.c (CVE-2022-22823)\n\n* expat: Integer overflow in defineAttribute in xmlparse.c (CVE-2022-22824)\n\n* expat: Integer overflow in lookup in xmlparse.c (CVE-2022-22825)\n\n* expat: Integer overflow in nextScaffoldPart in xmlparse.c (CVE-2022-22826)\n\n* expat: Integer overflow in storeAtts in xmlparse.c (CVE-2022-22827)\n\n* expat: Integer overflow in function XML_GetBuffer (CVE-2022-23852)\n\n* expat: stack exhaustion in doctype parsing (CVE-2022-25313)\n\n* expat: integer overflow in copyString() (CVE-2022-25314)\n\n* expat: integer overflow in the doProlog function (CVE-2022-23990)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7144",
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1966728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728"
},
{
"category": "external",
"summary": "2005119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119"
},
{
"category": "external",
"summary": "2005124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124"
},
{
"category": "external",
"summary": "2010934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934"
},
{
"category": "external",
"summary": "2034672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672"
},
{
"category": "external",
"summary": "2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "2067945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067945"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7144.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"tracking": {
"current_release_date": "2024-11-22T18:32:37+00:00",
"generator": {
"date": "2024-11-22T18:32:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:7144",
"initial_release_date": "2022-10-26T20:05:57+00:00",
"revision_history": [
{
"date": "2022-10-26T20:05:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-07T10:20:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T18:32:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Core Services 1",
"product": {
"name": "Red Hat JBoss Core Services 1",
"product_id": "Red Hat JBoss Core Services 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25032",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2022-03-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2067945"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds access flaw was found in zlib, which allows memory corruption when deflating (ex: when compressing) if the input has many distant matches. For some rare inputs with a large number of distant matches (crafted payloads), the buffer into which the compressed or deflated data is written can overwrite the distance symbol table which it overlays. This issue results in corrupted output due to invalid distances, which leads to out-of-bound access, corrupting the memory and potentially crashing the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug was introduced in zlib v1.2.2.2 through zlib v1.2.11, with the addition of the Z_FIXED option, which forces the use of fixed Huffman codes, rather than dynamic Huffman codes, allowing for a simpler decoder for special applications.\n\nThis bug is difficult to trigger, as Z_FIXED is usually only used in special circumstances.\n\nRsync does the compression in-transit using zlib. As rsync uses vulnerable zlib v1.2.8 package, which incorrectly handles memory when performing certain zlib compressing or deflating operations. This results in rsync to crash.\n\nNote - The issue wasn\u0027t publicly labelled as security vulnerability until 2022, but the fix was public since 2018.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-25032"
},
{
"category": "external",
"summary": "RHBZ#2067945",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067945"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25032"
}
],
"release_date": "2018-04-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "zlib: A flaw found in zlib when compressing (not decompressing) certain inputs"
},
{
"cve": "CVE-2021-33193",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1966728"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference was found in Apache httpd mod_h2. The highest threat from this flaw is to system integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Request splitting via HTTP/2 method injection and mod_proxy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33193"
},
{
"category": "external",
"summary": "RHBZ#1966728",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33193"
},
{
"category": "external",
"summary": "https://portswigger.net/research/http2",
"url": "https://portswigger.net/research/http2"
}
],
"release_date": "2021-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "This flaw can be mitigated by disabling HTTP/2. More information available at: https://httpd.apache.org/docs/2.4/mod/mod_http2.html",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Request splitting via HTTP/2 method injection and mod_proxy"
},
{
"cve": "CVE-2021-36160",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2021-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2005124"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read in mod_proxy_uwsgi of httpd allows a remote unauthenticated attacker to crash the service through a crafted request. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36160"
},
{
"category": "external",
"summary": "RHBZ#2005124",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36160"
}
],
"release_date": "2021-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_uwsgi: out-of-bounds read via a crafted request uri-path"
},
{
"cve": "CVE-2021-39275",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2021-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2005119"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds write in function ap_escape_quotes of httpd allows an unauthenticated remote attacker to crash the server or potentially execute code on the system with the privileges of the httpd user, by providing malicious input to the function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No httpd module in Red Hat Enterprise Linux and Red Hat Software Collections pass untrusted data to ap_escape_quotes function, thus the Impact of the flaw has been set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-39275"
},
{
"category": "external",
"summary": "RHBZ#2005119",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39275"
}
],
"release_date": "2021-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Out-of-bounds write in ap_escape_quotes() via malicious input"
},
{
"cve": "CVE-2021-41524",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2021-10-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2010934"
}
],
"notes": [
{
"category": "description",
"text": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects Apache HTTP Server 2.4.49 and Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP9, earlier versions are not affected. Therefore this issue does not affect the other versions of Apache HTTP Server shipped with Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-41524"
},
{
"category": "external",
"summary": "RHBZ#2010934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41524"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2021-10-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: NULL pointer dereference via crafted request during HTTP/2 request processing"
},
{
"cve": "CVE-2021-44224",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2021-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034672"
}
],
"notes": [
{
"category": "description",
"text": "There\u0027s a null pointer dereference and server-side request forgery flaw in httpd\u0027s mod_proxy module, when it is configured to be used as a forward proxy. A crafted packet could be sent on the adjacent network to the forward proxy that could cause a crash, or potentially SSRF via misdirected Unix Domain Socket requests. In the worst case, this could cause a denial of service or compromise to confidentiality of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible NULL dereference or SSRF in forward proxy configurations",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect httpd configurations that do not use forward proxy functionality (configurations where ProxyRequests is turned off).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44224"
},
{
"category": "external",
"summary": "RHBZ#2034672",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034672"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44224"
},
{
"category": "external",
"summary": "http://httpd.apache.org/security/vulnerabilities_24.html",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
}
],
"release_date": "2021-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: possible NULL dereference or SSRF in forward proxy configurations"
},
{
"cve": "CVE-2021-45960",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2022-01-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044451"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-45960"
},
{
"category": "external",
"summary": "RHBZ#2044451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/531",
"url": "https://github.com/libexpat/libexpat/issues/531"
}
],
"release_date": "2022-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat"
},
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044613"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in function XML_GetBuffer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"category": "external",
"summary": "RHBZ#2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/550",
"url": "https://github.com/libexpat/libexpat/pull/550"
}
],
"release_date": "2022-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in function XML_GetBuffer"
},
{
"cve": "CVE-2022-23990",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048356"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: integer overflow in the doProlog function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security marked this flaw as Moderate Impact because the vulnerability includes a flaw that is present in a program\u2019s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23990"
},
{
"category": "external",
"summary": "RHBZ#2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
}
],
"release_date": "2022-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: integer overflow in the doProlog function"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056350"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Stack exhaustion in doctype parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications which only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25313"
},
{
"category": "external",
"summary": "RHBZ#2056350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Stack exhaustion in doctype parsing"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056354"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded (rather than user input), takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in copyString()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as having a severity of Moderate. The encoding name parameter is often hard-coded (rather than user input) and it would take a value in the gigabytes for the name to trigger this issue. The versions of `expat` as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this flaw as they did not include the vulnerable copyString() function.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25314"
},
{
"category": "external",
"summary": "RHBZ#2056354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056354"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in copyString()"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Core Services 1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-10-26T20:05:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat JBoss Core Services 1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7144"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"Red Hat JBoss Core Services 1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat JBoss Core Services 1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
}
]
}
RHSA-2022:0845
Vulnerability from csaf_redhat - Published: 2022-03-14 10:16 - Updated: 2026-01-27 09:13Summary
Red Hat Security Advisory: thunderbird security update
Notes
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 91.7.0.
Security Fix(es):
* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)
* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)
* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)
* expat: Namespace-separator characters in "xmlns[:prefix]" attribute values can lead to arbitrary code execution (CVE-2022-25236)
* expat: Integer overflow in storeRawNames() (CVE-2022-25315)
* Mozilla: Use-after-free in text reflows (CVE-2022-26381)
* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)
* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)
* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)
* thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566)
* Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 91.7.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in XSLT parameter processing (CVE-2022-26485)\n\n* Mozilla: Use-after-free in WebGPU IPC Framework (CVE-2022-26486)\n\n* expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235)\n\n* expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution (CVE-2022-25236)\n\n* expat: Integer overflow in storeRawNames() (CVE-2022-25315)\n\n* Mozilla: Use-after-free in text reflows (CVE-2022-26381)\n\n* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-26383)\n\n* Mozilla: iframe allow-scripts sandbox bypass (CVE-2022-26384)\n\n* Mozilla: Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)\n\n* thunderbird: Crafted email could trigger an out-of-bounds write (CVE-2022-0566)\n\n* Mozilla: Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0845",
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2055591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055591"
},
{
"category": "external",
"summary": "2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "2061735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061735"
},
{
"category": "external",
"summary": "2061736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061736"
},
{
"category": "external",
"summary": "2062220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062220"
},
{
"category": "external",
"summary": "2062221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062221"
},
{
"category": "external",
"summary": "2062222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062222"
},
{
"category": "external",
"summary": "2062223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062223"
},
{
"category": "external",
"summary": "2062224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062224"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0845.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2026-01-27T09:13:58+00:00",
"generator": {
"date": "2026-01-27T09:13:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:0845",
"initial_release_date": "2022-03-14T10:16:37+00:00",
"revision_history": [
{
"date": "2022-03-14T10:16:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-14T10:16:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-27T09:13:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:91.7.0-2.el8_5.src",
"product": {
"name": "thunderbird-0:91.7.0-2.el8_5.src",
"product_id": "thunderbird-0:91.7.0-2.el8_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@91.7.0-2.el8_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:91.7.0-2.el8_5.aarch64",
"product": {
"name": "thunderbird-0:91.7.0-2.el8_5.aarch64",
"product_id": "thunderbird-0:91.7.0-2.el8_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@91.7.0-2.el8_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"product": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"product_id": "thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@91.7.0-2.el8_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"product_id": "thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@91.7.0-2.el8_5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:91.7.0-2.el8_5.ppc64le",
"product": {
"name": "thunderbird-0:91.7.0-2.el8_5.ppc64le",
"product_id": "thunderbird-0:91.7.0-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@91.7.0-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"product_id": "thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@91.7.0-2.el8_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"product_id": "thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@91.7.0-2.el8_5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:91.7.0-2.el8_5.x86_64",
"product": {
"name": "thunderbird-0:91.7.0-2.el8_5.x86_64",
"product_id": "thunderbird-0:91.7.0-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@91.7.0-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64",
"product": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64",
"product_id": "thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@91.7.0-2.el8_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"product_id": "thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@91.7.0-2.el8_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:91.7.0-2.el8_5.s390x",
"product": {
"name": "thunderbird-0:91.7.0-2.el8_5.s390x",
"product_id": "thunderbird-0:91.7.0-2.el8_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@91.7.0-2.el8_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"product": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"product_id": "thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@91.7.0-2.el8_5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"product": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"product_id": "thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@91.7.0-2.el8_5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:91.7.0-2.el8_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64"
},
"product_reference": "thunderbird-0:91.7.0-2.el8_5.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:91.7.0-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le"
},
"product_reference": "thunderbird-0:91.7.0-2.el8_5.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:91.7.0-2.el8_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x"
},
"product_reference": "thunderbird-0:91.7.0-2.el8_5.s390x",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:91.7.0-2.el8_5.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src"
},
"product_reference": "thunderbird-0:91.7.0-2.el8_5.src",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:91.7.0-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64"
},
"product_reference": "thunderbird-0:91.7.0-2.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x"
},
"product_reference": "thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64"
},
"product_reference": "thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x"
},
"product_reference": "thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
},
"product_reference": "thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64",
"relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0566",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2055591"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Thunderbird. The vulnerability occurs due to an out-of-bounds write of one byte when processing the message. This flaw allows an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thunderbird: Crafted email could trigger an out-of-bounds write",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0566"
},
{
"category": "external",
"summary": "RHBZ#2055591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0566"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566"
}
],
"release_date": "2022-02-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "thunderbird: Crafted email could trigger an out-of-bounds write"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-838",
"name": "Inappropriate Encoding for Output Context"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing malformed 2- and 3-byte UTF-8 sequences (for example, from start tag names) to the XML processing application on top of expat can lead to arbitrary code execution. This issue is dependent on how invalid UTF-8 is handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25235"
},
{
"category": "external",
"summary": "RHBZ#2056366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. Passing one or more namespace separator characters in the \"xmlns[:prefix]\" attribute values made expat send malformed tag names to the XML processor on top of expat. This issue causes arbitrary code execution depending on how unexpected cases are handled inside the XML processor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.\n\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue as the issue could not be reproduced in this version.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25236"
},
{
"category": "external",
"summary": "RHBZ#2056370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2056363"
}
],
"notes": [
{
"category": "description",
"text": "An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeRawNames()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw affects applications that leverage expat to parse untrusted XML files. Applications that only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25315"
},
{
"category": "external",
"summary": "RHBZ#2056363",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056363"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
},
{
"category": "external",
"summary": "https://blog.hartwork.org/posts/expat-2-4-5-released/",
"url": "https://blog.hartwork.org/posts/expat-2-4-5-released/"
}
],
"release_date": "2022-02-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
},
{
"category": "workaround",
"details": "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in storeRawNames()"
},
{
"cve": "CVE-2022-26381",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062223"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have caused a use-after-free issue by forcing a text reflow in an SVG object, leading to a potentially exploitable crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in text reflows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26381"
},
{
"category": "external",
"summary": "RHBZ#2062223",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062223"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26381"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26381",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26381"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in text reflows"
},
{
"cve": "CVE-2022-26383",
"cwe": {
"id": "CWE-449",
"name": "The UI Performs the Wrong Action"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Browser window spoof using fullscreen mode",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26383"
},
{
"category": "external",
"summary": "RHBZ#2062220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26383"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Browser window spoof using fullscreen mode"
},
{
"cve": "CVE-2022-26384",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062221"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nIf an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: iframe allow-scripts sandbox bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26384"
},
{
"category": "external",
"summary": "RHBZ#2062221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26384",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26384"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26384",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26384"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: iframe allow-scripts sandbox bypass"
},
{
"cve": "CVE-2022-26386",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062224"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as: Previously Thunderbird for macOS and Linux would download temporary files to a user-specific directory in /tmp, but this behavior was changed to download them to /tmp where they could be affected by other local users. This behavior was reverted to the original, user-specific directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Temporary files downloaded to /tmp and accessible by other local users",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26386"
},
{
"category": "external",
"summary": "RHBZ#2062224",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062224"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26386",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26386"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Temporary files downloaded to /tmp and accessible by other local users"
},
{
"cve": "CVE-2022-26387",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2062222"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified, and Firefox would not have noticed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Time-of-check time-of-use bug when verifying add-on signatures",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26387"
},
{
"category": "external",
"summary": "RHBZ#2062222",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062222"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26387",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26387"
}
],
"release_date": "2022-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Time-of-check time-of-use bug when verifying add-on signatures"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Wang Gang, Liu Jialei, Du Sihang, Huang Yi \u0026 Yang Kang of 360 ATA"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-26485",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061736"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: Removing an XSLT parameter during processing could have led to an exploitable use-after-free issue. There were reports of attacks in the wild abusing this flaw.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in XSLT parameter processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26485"
},
{
"category": "external",
"summary": "RHBZ#2061736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061736"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26485",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26485"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26485"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-07T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in XSLT parameter processing"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Wang Gang, Liu Jialei, Du Sihang, Huang Yi \u0026 Yang Kang of 360 ATA"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-26486",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2061735"
}
],
"notes": [
{
"category": "description",
"text": "An unexpected message in the WebGPU IPC framework could lead to an exploitable sandbox escape and a use-after-free issue. An attacker with enough privileges could exploit this flaw leading to a complete system compromise",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebGPU IPC Framework",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-26486"
},
{
"category": "external",
"summary": "RHBZ#2061735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-26486",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26486"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2022-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-14T10:16:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0845"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.src",
"AppStream-8.5.0.Z.MAIN:thunderbird-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debuginfo-0:91.7.0-2.el8_5.x86_64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.aarch64",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.ppc64le",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.s390x",
"AppStream-8.5.0.Z.MAIN:thunderbird-debugsource-0:91.7.0-2.el8_5.x86_64"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-03-07T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebGPU IPC Framework"
}
]
}
RHBA-2022:4046
Vulnerability from csaf_redhat - Published: 2022-05-17 19:10 - Updated: 2025-12-09 09:11Summary
Red Hat Bug Fix Advisory: new packages: expat
Notes
Topic
New expat packages are available for Red Hat Enterprise Linux 9.
Details
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.0 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New expat packages are available for Red Hat Enterprise Linux 9.",
"title": "Topic"
},
{
"category": "general",
"text": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.0 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2022:4046",
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.0_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.0_release_notes/index"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_4046.json"
}
],
"title": "Red Hat Bug Fix Advisory: new packages: expat",
"tracking": {
"current_release_date": "2025-12-09T09:11:09+00:00",
"generator": {
"date": "2025-12-09T09:11:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.13"
}
},
"id": "RHBA-2022:4046",
"initial_release_date": "2022-05-17T19:10:55+00:00",
"revision_history": [
{
"date": "2022-05-17T19:10:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-05-17T19:10:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-09T09:11:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-12.el9_0.aarch64",
"product": {
"name": "expat-devel-0:2.2.10-12.el9_0.aarch64",
"product_id": "expat-devel-0:2.2.10-12.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-12.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"product": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"product_id": "expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-12.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"product": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"product_id": "expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-12.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "expat-0:2.2.10-12.el9_0.aarch64",
"product": {
"name": "expat-0:2.2.10-12.el9_0.aarch64",
"product_id": "expat-0:2.2.10-12.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-12.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-12.el9_0.ppc64le",
"product": {
"name": "expat-devel-0:2.2.10-12.el9_0.ppc64le",
"product_id": "expat-devel-0:2.2.10-12.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-12.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"product": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"product_id": "expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-12.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"product": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"product_id": "expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-12.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "expat-0:2.2.10-12.el9_0.ppc64le",
"product": {
"name": "expat-0:2.2.10-12.el9_0.ppc64le",
"product_id": "expat-0:2.2.10-12.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-12.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-12.el9_0.i686",
"product": {
"name": "expat-devel-0:2.2.10-12.el9_0.i686",
"product_id": "expat-devel-0:2.2.10-12.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-12.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-12.el9_0.i686",
"product": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.i686",
"product_id": "expat-debugsource-0:2.2.10-12.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-12.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-12.el9_0.i686",
"product": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.i686",
"product_id": "expat-debuginfo-0:2.2.10-12.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-12.el9_0?arch=i686"
}
}
},
{
"category": "product_version",
"name": "expat-0:2.2.10-12.el9_0.i686",
"product": {
"name": "expat-0:2.2.10-12.el9_0.i686",
"product_id": "expat-0:2.2.10-12.el9_0.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-12.el9_0?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-12.el9_0.x86_64",
"product": {
"name": "expat-devel-0:2.2.10-12.el9_0.x86_64",
"product_id": "expat-devel-0:2.2.10-12.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-12.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"product": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"product_id": "expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-12.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"product": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"product_id": "expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-12.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "expat-0:2.2.10-12.el9_0.x86_64",
"product": {
"name": "expat-0:2.2.10-12.el9_0.x86_64",
"product_id": "expat-0:2.2.10-12.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-12.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-devel-0:2.2.10-12.el9_0.s390x",
"product": {
"name": "expat-devel-0:2.2.10-12.el9_0.s390x",
"product_id": "expat-devel-0:2.2.10-12.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-devel@2.2.10-12.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debugsource-0:2.2.10-12.el9_0.s390x",
"product": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.s390x",
"product_id": "expat-debugsource-0:2.2.10-12.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debugsource@2.2.10-12.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"product": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"product_id": "expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat-debuginfo@2.2.10-12.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "expat-0:2.2.10-12.el9_0.s390x",
"product": {
"name": "expat-0:2.2.10-12.el9_0.s390x",
"product_id": "expat-0:2.2.10-12.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-12.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-0:2.2.10-12.el9_0.src",
"product": {
"name": "expat-0:2.2.10-12.el9_0.src",
"product_id": "expat-0:2.2.10-12.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/expat@2.2.10-12.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src"
},
"product_reference": "expat-0:2.2.10-12.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src"
},
"product_reference": "expat-0:2.2.10-12.el9_0.src",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debuginfo-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-debugsource-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.i686",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "expat-devel-0:2.2.10-12.el9_0.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
},
"product_reference": "expat-devel-0:2.2.10-12.el9_0.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.GA"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-46143",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044455"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in doProlog in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-46143"
},
{
"category": "external",
"summary": "RHBZ#2044455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/532",
"url": "https://github.com/libexpat/libexpat/issues/532"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in doProlog in xmlparse.c"
},
{
"cve": "CVE-2022-22822",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044457"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in addBinding in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22822"
},
{
"category": "external",
"summary": "RHBZ#2044457",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044457"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in addBinding in xmlparse.c"
},
{
"cve": "CVE-2022-22823",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044464"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in build_model in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22823"
},
{
"category": "external",
"summary": "RHBZ#2044464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in build_model in xmlparse.c"
},
{
"cve": "CVE-2022-22824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044467"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in defineAttribute in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2\u003csup\u003e29\u003c/sup\u003e prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22824"
},
{
"category": "external",
"summary": "RHBZ#2044467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: Integer overflow in defineAttribute in xmlparse.c"
},
{
"cve": "CVE-2022-22825",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044479"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in lookup in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22825"
},
{
"category": "external",
"summary": "RHBZ#2044479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044479"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in lookup in xmlparse.c"
},
{
"cve": "CVE-2022-22826",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044484"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in nextScaffoldPart in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22826"
},
{
"category": "external",
"summary": "RHBZ#2044484",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044484"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in nextScaffoldPart in xmlparse.c"
},
{
"cve": "CVE-2022-22827",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044488"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in storeAtts in xmlparse.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22827"
},
{
"category": "external",
"summary": "RHBZ#2044488",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044488"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/539",
"url": "https://github.com/libexpat/libexpat/pull/539"
}
],
"release_date": "2022-01-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in storeAtts in xmlparse.c"
},
{
"cve": "CVE-2022-23852",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044613"
}
],
"notes": [
{
"category": "description",
"text": "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Integer overflow in function XML_GetBuffer",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23852"
},
{
"category": "external",
"summary": "RHBZ#2044613",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044613"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/550",
"url": "https://github.com/libexpat/libexpat/pull/550"
}
],
"release_date": "2022-01-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Integer overflow in function XML_GetBuffer"
},
{
"cve": "CVE-2022-23990",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2022-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2048356"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in expat. The vulnerability occurs due to large content in element type declarations when there is an element declaration handler present which leads to an integer overflow. This flaw allows an attacker to inject an unsigned integer, leading to a crash or a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: integer overflow in the doProlog function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security marked this flaw as Moderate Impact because the vulnerability includes a flaw that is present in a program\u2019s source code but to which no current or theoretically possible, but unproven, exploitation vectors exist or were found during the technical analysis of the flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23990"
},
{
"category": "external",
"summary": "RHBZ#2048356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
}
],
"release_date": "2022-01-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-05-17T19:10:55+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"AppStream-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"AppStream-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.src",
"BaseOS-9.0.0.GA:expat-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debuginfo-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-debugsource-0:2.2.10-12.el9_0.x86_64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.aarch64",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.i686",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.ppc64le",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.s390x",
"BaseOS-9.0.0.GA:expat-devel-0:2.2.10-12.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2022:4046"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",