Vulnerability Name:

CVE-2022-22824 (CCN-216906)

Assigned:2022-01-07
Published:2022-01-07
Updated:2022-10-06
Summary:defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.8 Critical (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-22824

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Source: XF
Type: UNKNOWN
expat-cve202222824-code-exec(216906)

Source: CCN
Type: libexpat GIT Repository
[W.I.P.] [CVE-2022-22822 to CVE-2022-22827] lib: Prevent more integer overflows #539

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/libexpat/libexpat/pull/539

Source: CCN
Type: oss-sec Mailing List, Mon, 17 Jan 2022 11:54:56 -0800
Expat 2.4.3 released, includes 8 security fixes

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-24

Source: DEBIAN
Type: Third Party Advisory
DSA-5073

Source: CCN
Type: IBM Security Bulletin 6559296 (HTTP Server)
Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6563891 (Netezza Performance Portal)
Multiple vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

Source: CCN
Type: IBM Security Bulletin 6572673 (Netezza Analytics for NPS)
Expat vulnerabilities affect IBM Netezza Analytics for NPS

Source: CCN
Type: IBM Security Bulletin 6572681 (Netezza Analytics)
Expat vulnerabilities affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6586492 (MQ Operator CD release)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.

Source: CCN
Type: IBM Security Bulletin 6587158 (Tivoli Monitoring)
IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

Source: CCN
Type: IBM Security Bulletin 6590977 (Tivoli Monitoring)
Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Source: CCN
Type: IBM Security Bulletin 6601119 (Tivoli Network Manager)
Due to use of Expat IBM Tivoli Network Manager is vulnerable to arbitrary code execution (multiple vulnerabilities)

Source: CCN
Type: IBM Security Bulletin 6601293 (QRadar Network Packet Capture)
IBM QRadar Network Packet Capture includes multiple vulnerable components.

Source: CCN
Type: IBM Security Bulletin 6605299 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities in Expact library.

Source: CCN
Type: IBM Security Bulletin 6606245 (Rational ClearCase)
Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827 )

Source: CCN
Type: IBM Security Bulletin 6607135 (QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6607878 (AIX)
AIX is affected by multiple vulnerabilities in Python

Source: CCN
Type: IBM Security Bulletin 6614725 (QRadar SIEM)
IBM QRadar SIEM includes components with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6826021 (Robotic Process Automation)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6831813 (Netcool Operations Insight)
Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6838291 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CONFIRM
Type: Third Party Advisory
https://www.tenable.com/security/tns-2022-05

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libexpat_project:libexpat:*:*:*:*:*:*:*:* (Version < 2.4.3)

    • Configuration 2:
  • cpe:/a:tenable:nessus:*:*:*:*:*:*:*:* (Version < 8.15.3)
  • OR cpe:/a:tenable:nessus:*:*:*:*:*:*:*:* (Version >= 10.0.0 and < 10.1.1)

    • Configuration 3:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* (Version < 3.1)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 9:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:ibm:http_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_network_packet_capture:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20227692
    P
    		RHSA-2022:7692: xmlrpc-c security update (Moderate)
    2022-11-08
    oval:org.opensuse.security:def:94547
    P
    		expat-2.4.4-150400.2.24 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2917
    P
    		expat-2.4.4-150400.2.24 on GA media (Moderate)
    2022-06-22
    oval:com.redhat.rhsa:def:20221069
    P
    		RHSA-2022:1069: expat security update (Important)
    2022-03-28
    oval:com.redhat.rhsa:def:20220951
    P
    		RHSA-2022:0951: expat security update (Important)
    2022-03-16
    oval:org.opensuse.security:def:100739
    P
    		 (Important)
    2022-01-25
    oval:org.opensuse.security:def:42185
    P
    		Security update for expat (Important)
    2022-01-25
    oval:org.opensuse.security:def:99738
    P
    		 (Important)
    2022-01-25
    oval:org.opensuse.security:def:101608
    P
    		Security update for expat (Important)
    2022-01-25
    oval:org.opensuse.security:def:42291
    P
    		Security update for expat (Important)
    2022-01-25
    oval:org.opensuse.security:def:100067
    P
    		 (Important)
    2022-01-25
    oval:org.opensuse.security:def:896
    P
    		Security update for expat (Important)
    2022-01-25
    oval:org.opensuse.security:def:99202
    P
    		 (Important)
    2022-01-25
    oval:org.opensuse.security:def:100405
    P
    		 (Important)
    2022-01-25
    oval:org.opensuse.security:def:99476
    P
    		 (Important)
    2022-01-25
    BACK
    libexpat_project libexpat *
    tenable nessus *
    tenable nessus *
    debian debian linux 10.0
    debian debian linux 11.0
    siemens sinema remote connect server *
    ibm http server 7.0
    ibm http server 8.0
    ibm http server 8.5
    ibm tivoli monitoring 6.3.0
    ibm rational clearcase 8.0.1
    ibm rational clearcase 8.0.0
    ibm rational clearcase 9.0.1
    ibm qradar security information and event manager 7.3
    ibm qradar network security 5.4.0
    ibm tivoli monitoring 6.3.0.7
    ibm qradar network security 5.5.0
    ibm qradar network packet capture 7.3
    ibm qradar security information and event manager 7.4 -
    ibm aix 7.3
    ibm robotic process automation 21.0.0
    ibm robotic process automation 21.0.1
    ibm robotic process automation 21.0.2