Vulnerability Name:

CVE-2022-25313 (CCN-219947)

Assigned:2022-02-18
Published:2022-02-18
Updated:2022-10-07
Summary:In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-400
CWE-770
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2022-25313

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Source: XF
Type: UNKNOWN
libexpat-cve202225313-dos(219947)

Source: CCN
Type: libexpat GIT Repository
Prevent stack exhaustion in build_model #558

Source: MISC
Type: Third Party Advisory
https://github.com/libexpat/libexpat/pull/558

Source: CCN
Type: libexpat Web site
libexpat

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20220307 [SECURITY] [DLA 2935-1] expat security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-04f206996b

Source: FEDORA
Type: Third Party Advisory
FEDORA-2022-3d9d67f558

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-24

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220303-0008/

Source: DEBIAN
Type: Third Party Advisory
DSA-5085

Source: CCN
Type: IBM Security Bulletin 6560814 (HTTP Server)
Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6572673 (Netezza Analytics for NPS)
Expat vulnerabilities affect IBM Netezza Analytics for NPS

Source: CCN
Type: IBM Security Bulletin 6572681 (Netezza Analytics)
Expat vulnerabilities affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6587106 (Netezza Performance Portal)
Vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal

Source: CCN
Type: IBM Security Bulletin 6587158 (Tivoli Monitoring)
IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

Source: CCN
Type: IBM Security Bulletin 6590977 (Tivoli Monitoring)
Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server

Source: CCN
Type: IBM Security Bulletin 6597637 (DB2 for Linux, UNIX and Windows)
IBM Db2 is affected by multiple vulnerabilities due to the consumed Expat library

Source: CCN
Type: IBM Security Bulletin 6601119 (Tivoli Network Manager)
Due to use of Expat IBM Tivoli Network Manager is vulnerable to arbitrary code execution (multiple vulnerabilities)

Source: CCN
Type: IBM Security Bulletin 6607878 (AIX)
AIX is affected by multiple vulnerabilities in Python

Source: CCN
Type: IBM Security Bulletin 6611147 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6611649 (PureData System for Operational Analytics)
Multiple security vulnerabilities has been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6618709 (Intelligent Operations Center)
Multiple vulnerabilities found in IBM DB2 which is shipped with IBM Intelligent Operations Center(CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315)

Source: CCN
Type: IBM Security Bulletin 6837303 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-25313

Source: CCN
Type: IBM Security Bulletin 6843889 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat (CVE-2022-25313)

Source: CCN
Type: IBM Security Bulletin 6854981 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libexpat_project:libexpat:*:*:*:*:*:*:*:* (Version < 2.4.5)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* (Version < 3.1)

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.4.4:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:http_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7492
    P
    		expat-2.4.4-150400.3.12.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20227811
    P
    		RHSA-2022:7811: mingw-expat security update (Important)
    2022-11-08
    oval:org.opensuse.security:def:94458
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93144
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93823
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:3619
    P
    		Security update for expat (Important)
    2022-07-06
    oval:org.opensuse.security:def:93304
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:94037
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:95249
    P
    		Security update for expat (Important)
    2022-07-06
    oval:org.opensuse.security:def:93462
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:94249
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93616
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:548
    P
    		Security update for expat (Important)
    2022-07-06
    oval:com.redhat.rhsa:def:20225244
    P
    		RHSA-2022:5244: expat security update (Moderate)
    2022-07-01
    oval:com.redhat.rhsa:def:20225314
    P
    		RHSA-2022:5314: expat security update (Moderate)
    2022-06-30
    oval:org.opensuse.security:def:94547
    P
    		expat-2.4.4-150400.2.24 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2917
    P
    		expat-2.4.4-150400.2.24 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:956
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:99215
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:100422
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119321
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:99489
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:118826
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:42203
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:100756
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119504
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:99751
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119016
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:42346
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:101648
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:119689
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:100084
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119127
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:125810
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:6180
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:126973
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:127371
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:5360
    P
    		Security update for expat (Important)
    2022-03-03
    BACK
    libexpat_project libexpat *
    debian debian linux 10.0
    debian debian linux 11.0
    fedoraproject fedora 34
    fedoraproject fedora 35
    oracle http server 12.2.1.3.0
    oracle http server 12.2.1.4.0
    oracle zfs storage appliance kit 8.8
    siemens sinema remote connect server *
    libexpat_project libexpat 2.2.0
    libexpat_project libexpat 2.2.6
    libexpat_project libexpat 2.2.5
    libexpat_project libexpat 2.2.4
    libexpat_project libexpat 2.2.3
    libexpat_project libexpat 2.2.2
    libexpat_project libexpat 2.2.1
    libexpat_project libexpat 2.2.7
    libexpat_project libexpat 2.4.3
    libexpat_project libexpat 2.4.4
    ibm http server 7.0
    ibm http server 8.0
    ibm http server 8.5
    ibm tivoli monitoring 6.3.0
    ibm db2 10.5
    ibm db2 10.5
    ibm db2 10.5
    ibm db2 10.1
    ibm db2 10.1
    ibm db2 10.1
    ibm db2 9.7
    ibm db2 9.7
    ibm db2 9.7
    ibm db2 11.1
    ibm db2 11.1
    ibm db2 11.1
    ibm tivoli monitoring 6.3.0.7
    ibm intelligent operations center 5.1.0
    ibm intelligent operations center 5.1.0.2
    ibm intelligent operations center 5.1.0.3
    ibm intelligent operations center 5.1.0.4
    ibm intelligent operations center 5.1.0.6
    ibm intelligent operations center 5.2
    ibm intelligent operations center 5.2.1
    ibm aix 7.3
    ibm app connect enterprise certified container 4.2
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm robotic process automation for cloud pak 21.0.3
    ibm cloud pak for security 1.10.0.0