CVE-2022-25313
Published: 18 February 2022
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Notes
| Author | Note |
|---|---|
| sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
| leosilva | from version 2.4.5-2 is known that fix for CVE-2022-25313 caused a regression so additional patches are needed. |
| rodrigo-zaiden | libxmltok does not include build_model so, it is not affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
|
apr-util Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Not vulnerable
(code-not-compiled)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
|
ayttm Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
cableswig Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
cadaver Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
cmake Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
|
coin3 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
expat Launchpad, Ubuntu, Debian |
bionic |
Released
(2.2.5-3ubuntu0.7)
|
| focal |
Released
(2.2.9-1ubuntu0.4)
|
|
| impish |
Released
(2.4.1-2ubuntu0.3)
|
|
| jammy |
Released
(2.4.5-2)
|
|
| kinetic |
Released
(2.4.5-2)
|
|
| lunar |
Released
(2.4.5-2)
|
|
| mantic |
Released
(2.4.5-2)
|
|
| trusty |
Released
(2.1.0-4ubuntu1.4+esm6)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Needs triage
|
|
| xenial |
Released
(2.1.0-7ubuntu0.16.04.5+esm5)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
|
firefox Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
| focal |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Released
(1:1snap1-0ubuntu1)
|
|
| kinetic |
Released
(1:1snap1-0ubuntu1)
|
|
| lunar |
Released
(1:1snap1-0ubuntu1)
|
|
| mantic |
Released
(1:1snap1-0ubuntu1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
|
gdcm Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Not vulnerable
(uses system expat)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| mantic |
Not vulnerable
(uses system expat)
|
|
| trusty |
Not vulnerable
(uses system expat)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(uses system expat)
|
|
|
ghostscript Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
|
insighttoolkit Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
insighttoolkit4 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(uses system expat)
|
| focal |
Not vulnerable
(uses system expat)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Not vulnerable
(uses system expat)
|
|
| kinetic |
Not vulnerable
(uses system expat)
|
|
| lunar |
Not vulnerable
(uses system expat)
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
libxmltok Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| focal |
Not vulnerable
(code not present)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Not vulnerable
(code not present)
|
|
| jammy |
Not vulnerable
(code not present)
|
|
| kinetic |
Not vulnerable
(code not present)
|
|
| lunar |
Not vulnerable
(code not present)
|
|
| mantic |
Not vulnerable
(code not present)
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
matanza Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
smart Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
|
swish-e Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
tdom Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
texlive-bin Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code-not-compiled)
|
| focal |
Not vulnerable
(code-not-compiled)
|
|
| impish |
Not vulnerable
(code-not-compiled)
|
|
| jammy |
Not vulnerable
(code-not-compiled)
|
|
| kinetic |
Not vulnerable
(code-not-compiled)
|
|
| lunar |
Not vulnerable
(code-not-compiled)
|
|
| mantic |
Not vulnerable
(code-not-compiled)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code-not-compiled)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
bionic |
Ignored
(end of standard support, was needed)
|
| focal |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was ignored [bundled deps handled by upstream in new versions])
|
|
| mantic |
Ignored
(bundled deps handled by upstream in new versions)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Ignored
(end of standard support, was needed)
|
|
|
vnc4 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
vtk Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| impish |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
wbxml2 Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
|
|
xmlrpc-c Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| lunar |
Ignored
(end of life, was needs-triage)
|
|
| mantic |
Needs triage
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| xenial |
Needs triage
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |