CVE-2022-25313 - API Security Blog

Main / CVE-2022-25313

CVE-2022-25313

Discription

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.

#### Notes

Author| Note
—|—
[sbeattie]() | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!)
[leosilva]() | from version 2.4.5-2 is known that fix for CVE-2022-25313 caused a regression so additional patches are needed.
[rodrigo-zaiden]() | libxmltok does not include build_model so, it is not affected.Read More

References

Back to Main

Subscribe for the latest news: