In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
|
Configuration 10 (hide)
AND |
|
History
21 Jan 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2023/12/28/5 - Mailing List, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2024/01/03/5 - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/ - Mailing List, Third Party Advisory |
03 Jan 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2023, 14:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Netapp h500s Firmware
Netapp h410c Netapp h700s Firmware Netapp h500s Netapp h300s Firmware Netapp h700s Netapp h410c Firmware Netapp h410s Netapp h300s Netapp h410s Firmware |
|
CPE | cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:* |
cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* |
07 Nov 2023, 03:54
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
02 Dec 2022, 23:00
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221118-0007/ - Third Party Advisory | |
CPE | cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:* |
|
First Time |
Netapp active Iq Unified Manager
Netapp baseboard Management Controller H410s Netapp baseboard Management Controller H500s Netapp baseboard Management Controller H300s Firmware Netapp baseboard Management Controller H700s Netapp oncommand Workflow Automation Netapp Netapp solidfire \& Hci Management Node Netapp baseboard Management Controller H700s Firmware Netapp hci Compute Node Netapp baseboard Management Controller H300s Netapp baseboard Management Controller H500s Firmware Netapp baseboard Management Controller H410c Firmware Netapp hci Compute Node Firmware Netapp baseboard Management Controller H410c Netapp baseboard Management Controller H410s Firmware |
18 Nov 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Nov 2022, 18:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Debian debian Linux Debian Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJ5VY2VYXE4WTRGQ6LMGLF6FV3SY37YE/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DPQVIF6TOJNY2T3ZZETFKR4G34FFREBQ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XG5XOOB7CD55CEE6OJYKSACSIMQ4RWQ6/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202210-38 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BY4OPSIB33ETNUXZY2UPZ4NGQ3OKDY4D/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FFCOMBSOJKLIKCGCJWHLJXO4EVYBG7AR/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IUJ2BULJTZ2BMSKQHB6US674P55UCWWS/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5266 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html - Mailing List, Third Party Advisory |
14 Nov 2022, 15:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Oct 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Oct 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Oct 2022, 16:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-24 14:15
Updated : 2024-01-21 02:08
NVD link : CVE-2022-43680
Mitre link : CVE-2022-43680
CVE.ORG link : CVE-2022-43680
JSON object : View
Products Affected
netapp
- h700s_firmware
- h700s
- h300s_firmware
- h410c
- h410s
- active_iq_unified_manager
- h500s_firmware
- oncommand_workflow_automation
- hci_compute_node_firmware
- hci_compute_node
- h410s_firmware
- solidfire_\&_hci_management_node
- h500s
- h410c_firmware
- h300s
debian
- debian_linux
libexpat_project
- libexpat
fedoraproject
- fedora
CWE
CWE-416
Use After Free