#VU67532 Use-after-free in expat


Published: 2022-09-21 | Updated: 2022-11-15

Vulnerability identifier: #VU67532

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-40674

CWE-ID: CWE-416

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
expat
Universal components / Libraries / Libraries used by multiple products

Vendor: libexpat.org

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

expat: 2.0.0 - 2.4.8

External links
http://github.com/libexpat/libexpat/pull/629
http://github.com/libexpat/libexpat/pull/640

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Netcool Operations Insight
Multiple vulnerabilities in Dell PowerScale OneFS
Multiple vulnerabilities in Red Hat Ansible Automation Platform 2.4
Multiple vulnerabilities in Service Telemetry Framework 1.5
Multiple vulnerabilities in Dell PowerStore Family
Multiple vulnerabilities in OpenShift Container Platform 4.11
Multiple vulnerabilities in Dell XtremIO X2
Multiple vulnerabilities in IBM Cloud Pak for Security (CP4S)
Multiple vulnerabilities in IBM Security Guardium
Multiple vulnerabilities in Dell ECS