Expat library patched against code execution vulnerabilities

Victoria D. Doty

The common XML parser library Expat (libexpat) has been patched against five vulnerabilities.

The library features in open source software like Apache, Mozilla, Perl, PHP and Python, along with most Linux distributions.

The vulnerabilities expose XML processors on top of Expat to at least two exploit vectors: arbitrary code execution, or denial-of-service.

As developer Sebastian Pipping wrote: “Please be aware that looking at a vulnerability in isolation may miss part of the picture … if Expat passes malformed data to the software working with Expat and that software isn’t really organized for Expat violating their agreed API agreement, you may end up with code execution from something that appeared close to harmless, in isolation.”

The bugs are fixed in release 2.4.5.

Code execution exploits are known for two of the bugs:

  • In CVE-2022-25235, an attacker can get Expat to pass malformed 2- and 3-byte UTF-8 sequences up to the XML processor.
  • In CVE-2022-25236, “passing (one or more) namespace separator characters in “xmlns[:prefix]” attribute values made Expat deliver malformed tag names to the XML processor on top of Expat”.

CVE-2022-25313 is a stack exhaustion in Expat’s doctype parsing, while CVE-2022-25314 is an integer overflow in the copyString function. Both of these could crash the application on top of Expat.

Finally, CVE-2022-25315 is an integer overflow in the storeRawNames function, only attackable on 64-bit machines using gigabyte-size inputs. An exploit is shown here.
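For applications that sit on top of Expat through Python's `pyexpat` binding, the following added example (not code from the article or from the Expat project) reports whether the linked Expat is at least release 2.4.5 and shows the application-side check Pipping's remark points to: verifying that every expanded name splits cleanly at the namespace separator before using it. The separator `|`, the `ContractViolation` class, the function names and the `urn:example` sample documents are assumptions made for the illustration.

```python
import pyexpat

SEP = "|"          # separator this example passes to Expat (an assumption)
FIXED = (2, 4, 5)  # release the article names as carrying the fixes


class ContractViolation(Exception):
    """Expat delivered a name that does not split into [uri SEP] local."""


def expat_is_patched(version_info=None):
    """True when the Expat linked into this interpreter is 2.4.5 or later."""
    info = pyexpat.version_info if version_info is None else version_info
    return tuple(info) >= FIXED


def element_names(xml_bytes):
    """Parse in namespace mode and return (uri, local) for every element."""
    names = []

    def start(name, attrs):
        # Check every expanded name before the application trusts the split.
        for expanded in (name, *attrs):
            if expanded.count(SEP) > 1:
                raise ContractViolation(expanded)
        uri, _, local = name.rpartition(SEP)
        names.append((uri, local))

    parser = pyexpat.ParserCreate(namespace_separator=SEP)
    parser.StartElementHandler = start
    parser.Parse(xml_bytes, True)
    return names


def accepts(xml_bytes):
    """False if either Expat or the application-side check rejects the input."""
    try:
        element_names(xml_bytes)
        return True
    except (pyexpat.ExpatError, ContractViolation):
        return False


# Constructed sample documents; the urn:example names are made up.
GOOD = b'<r xmlns="urn:example:ns"><c/></r>'
BAD = b'<r xmlns="urn:example:a|b"/>'  # separator inside a namespace value

if __name__ == "__main__":
    print("linked Expat:", pyexpat.EXPAT_VERSION, "patched:", expat_is_patched())
    print("GOOD accepted:", accepts(GOOD), "BAD accepted:", accepts(BAD))
```

The `BAD` document is refused on either path: a fixed Expat raises a parse error for it, and an unfixed one would hand the handler a name with two separators, which the application-side check rejects.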
