{
  "schema_version": "1.6.2",
  "id": "MGASA-2022-0031",
  "published": "2022-01-25T12:13:11Z",
  "modified": "2022-01-25T11:29:40Z",
  "summary": "Updated expat packages fix security vulnerabilities",
  "details": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places\nin the storeAtts function in xmlparse.c can lead to realloc misbehavior\n(e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)\n\nIn doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer\noverflow exists for m_groupSize. (CVE-2021-46143)\n\naddBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22822)\n\nbuild_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22823)\n\ndefineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22824)\n\nlookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer\noverflow. (CVE-2022-22825)\n\nnextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22826)\n\nstoreAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22827)\n",
  "related": [
    "CVE-2021-45960",
    "CVE-2021-46143",
    "CVE-2022-22822",
    "CVE-2022-22823",
    "CVE-2022-22824",
    "CVE-2022-22825",
    "CVE-2022-22826",
    "CVE-2022-22827"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2022-0031.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=29902"
    },
    {
      "type": "REPORT",
      "url": "https://blog.hartwork.org/posts/expat-2-4-3-released/"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:8",
        "name": "expat",
        "purl": "pkg:rpm/mageia/expat?arch=source&distro=mageia-8"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.10-1.1.mga8"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}
