CVE-2022-43680

NameCVE-2022-43680
DescriptionIn libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3165-1, DSA-5266-1
Debian Bugs1022743

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
expat (PTS)bullseye2.2.10-2+deb11u5fixed
bullseye (security)2.2.10-2+deb11u6fixed
bookworm, bookworm (security)2.5.0-1+deb12u1fixed
sid, trixie2.6.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
expatsourcebuster2.2.6-2+deb10u6DLA-3165-1
expatsourcebullseye2.2.10-2+deb11u5DSA-5266-1
expatsource(unstable)2.5.0-11022743

Notes

https://github.com/libexpat/libexpat/issues/649
https://github.com/libexpat/libexpat/pull/616
https://github.com/libexpat/libexpat/pull/650
Fixed by: https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (R_2_5_0)
Testcase: https://github.com/libexpat/libexpat/commit/43992e4ae25fc3dc0eec0cd3a29313555d56aee2 (R_2_5_0)
Search for package or bug name: Reporting problems