Vulnerability Name:

CVE-2022-25314 (CCN-219946)

Assigned:2022-02-18
Published:2022-02-18
Updated:2022-10-05
Summary:In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-25314

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20220219 Expat 2.4.5 released, includes 5 security fixes

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

Source: XF
Type: UNKNOWN
libexpat-cve202225314-overflow(219946)

Source: CCN
Type: libexpat GIT Repository
Prevent integer overflow in copyString #560

Source: MISC
Type: Third Party Advisory
https://github.com/libexpat/libexpat/pull/560

Source: CCN
Type: libexpat Web site
libexpat

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-04f206996b

Source: FEDORA
Type: Third Party Advisory
FEDORA-2022-3d9d67f558

Source: GENTOO
Type: Third Party Advisory
GLSA-202209-24

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220303-0008/

Source: DEBIAN
Type: Third Party Advisory
DSA-5085

Source: CCN
Type: IBM Security Bulletin 6572673 (Netezza Analytics for NPS)
Expat vulnerabilities affect IBM Netezza Analytics for NPS

Source: CCN
Type: IBM Security Bulletin 6572681 (Netezza Analytics)
Expat vulnerabilities affect IBM Netezza Analytics

Source: CCN
Type: IBM Security Bulletin 6587158 (Tivoli Monitoring)
IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs

Source: CCN
Type: IBM Security Bulletin 6597637 (DB2 for Linux, UNIX and Windows)
IBM Db2 is affected by multiple vulnerabilities due to the consumed Expat library

Source: CCN
Type: IBM Security Bulletin 6601119 (Tivoli Network Manager)
Due to use of Expat IBM Tivoli Network Manager is vulnerable to arbitrary code execution (multiple vulnerabilities)

Source: CCN
Type: IBM Security Bulletin 6607878 (AIX)
AIX is affected by multiple vulnerabilities in Python

Source: CCN
Type: IBM Security Bulletin 6611147 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6611649 (PureData System for Operational Analytics)
Multiple security vulnerabilities has been identified in IBM DB2 shipped with IBM PureData System for Operational Analytics

Source: CCN
Type: IBM Security Bulletin 6615221 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak

Source: CCN
Type: IBM Security Bulletin 6618709 (Intelligent Operations Center)
Multiple vulnerabilities found in IBM DB2 which is shipped with IBM Intelligent Operations Center(CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315)

Source: CCN
Type: IBM Security Bulletin 6837305 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to CVE-2022-25314

Source: CCN
Type: IBM Security Bulletin 6843891 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in libexpat (CVE-2022-25314).

Source: CCN
Type: IBM Security Bulletin 6854981 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6855297 (Security Verify Access)
IBM Security Verify Access Appliance includes components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6958506 (Security QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libexpat_project:libexpat:*:*:*:*:*:*:*:* (Version < 2.4.5)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* (Version < 3.1)

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:libexpat_project:libexpat:2.4.4:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:10.5:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:10.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:9.7:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:linux:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:unix:*:*
  • OR cpe:/a:ibm:db2:11.1:*:*:*:*:windows:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.1.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:intelligent_operations_center:5.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:5.0:*:*:*:lts:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7492
    P
    		expat-2.4.4-150400.3.12.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20227811
    P
    		RHSA-2022:7811: mingw-expat security update (Important)
    2022-11-08
    oval:org.opensuse.security:def:94458
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93144
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93823
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:3619
    P
    		Security update for expat (Important)
    2022-07-06
    oval:org.opensuse.security:def:93304
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:94037
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:95249
    P
    		Security update for expat (Important)
    2022-07-06
    oval:org.opensuse.security:def:93462
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:94249
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:93616
    P
    		 (Important)
    2022-07-06
    oval:org.opensuse.security:def:548
    P
    		Security update for expat (Important)
    2022-07-06
    oval:com.redhat.rhsa:def:20225244
    P
    		RHSA-2022:5244: expat security update (Moderate)
    2022-07-01
    oval:com.redhat.rhsa:def:20225314
    P
    		RHSA-2022:5314: expat security update (Moderate)
    2022-06-30
    oval:org.opensuse.security:def:94547
    P
    		expat-2.4.4-150400.2.24 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2917
    P
    		expat-2.4.4-150400.2.24 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:956
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:99215
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:100422
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119321
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:99489
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:118826
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:42203
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:100756
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119504
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:99751
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119016
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:42346
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:101648
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:119689
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:100084
    P
    		 (Important)
    2022-03-04
    oval:org.opensuse.security:def:119127
    P
    		Security update for expat (Important)
    2022-03-04
    oval:org.opensuse.security:def:125810
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:6180
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:126973
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:127371
    P
    		Security update for expat (Important)
    2022-03-03
    oval:org.opensuse.security:def:5360
    P
    		Security update for expat (Important)
    2022-03-03
    BACK
    libexpat_project libexpat *
    debian debian linux 10.0
    debian debian linux 11.0
    fedoraproject fedora 34
    fedoraproject fedora 35
    oracle http server 12.2.1.3.0
    oracle http server 12.2.1.4.0
    oracle zfs storage appliance kit 8.8
    siemens sinema remote connect server *
    libexpat_project libexpat 2.2.0
    libexpat_project libexpat 2.2.6
    libexpat_project libexpat 2.2.5
    libexpat_project libexpat 2.2.4
    libexpat_project libexpat 2.2.3
    libexpat_project libexpat 2.2.2
    libexpat_project libexpat 2.2.1
    libexpat_project libexpat 2.2.7
    libexpat_project libexpat 2.4.3
    libexpat_project libexpat 2.4.4
    ibm tivoli monitoring 6.3.0
    ibm db2 10.5
    ibm db2 10.5
    ibm db2 10.5
    ibm db2 10.1
    ibm db2 10.1
    ibm db2 10.1
    ibm db2 9.7
    ibm db2 9.7
    ibm db2 9.7
    ibm db2 11.1
    ibm db2 11.1
    ibm db2 11.1
    ibm tivoli monitoring 6.3.0.7
    ibm intelligent operations center 5.1.0
    ibm intelligent operations center 5.1.0.2
    ibm intelligent operations center 5.1.0.3
    ibm intelligent operations center 5.1.0.4
    ibm intelligent operations center 5.1.0.6
    ibm intelligent operations center 5.2
    ibm intelligent operations center 5.2.1
    ibm security verify access 10.0.2.0
    ibm security verify access 10.0.0.0
    ibm security verify access 10.0.1.0
    ibm aix 7.3
    ibm app connect enterprise certified container 4.1
    ibm app connect enterprise certified container 4.2
    ibm security verify access 10.0.3.0
    ibm robotic process automation for cloud pak 21.0.1
    ibm robotic process automation for cloud pak 21.0.2
    ibm robotic process automation for cloud pak 21.0.3
    ibm cloud pak for security 1.10.0.0
    ibm app connect enterprise certified container 5.0
    ibm qradar security information and event manager 7.4 -
    ibm cloud pak for security 1.10.6.0
    ibm security verify access 10.0.4.0