Shodan
Vulnerabilities
Vulnerable Software
Libexpat Project:  >> Libexpat  Security Vulnerabilities
CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVSS Score
9.8
EPSS Score
0.073
Published
2022-02-18
CVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVSS Score
9.8
EPSS Score
0.112
Published
2022-02-16
CVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVSS Score
9.8
EPSS Score
0.089
Published
2022-02-16
CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVSS Score
7.5
EPSS Score
0.031
Published
2022-01-26
CVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVSS Score
9.8
EPSS Score
0.018
Published
2022-01-24
CVE-2022-22826
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-10
CVE-2022-22827
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-01-10
CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.013
Published
2022-01-10
CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-10
CVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved