CVE Vulnerabilities

CVE-2022-23852

Integer Overflow or Wraparound

Published: Jan 24, 2022 | Modified: Oct 29, 2022
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
9.8 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Weakness

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Affected Software

Name Vendor Start Version End Version
Libexpat Libexpat_project * 2.4.4 (excluding)
Red Hat Enterprise Linux 7 RedHat expat-0:2.1.0-14.el7_9 *
Red Hat Enterprise Linux 8 RedHat expat-0:2.2.5-4.el8_5.3 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat expat-0:2.2.5-4.el8_4.3 *
Red Hat JBoss Core Services 1 RedHat expat *
Apache2 Ubuntu trusty *
Apr-util Ubuntu trusty *
Ayttm Ubuntu trusty *
Cableswig Ubuntu trusty *
Cableswig Ubuntu xenial *
Cadaver Ubuntu kinetic *
Cadaver Ubuntu lunar *
Cadaver Ubuntu mantic *
Cadaver Ubuntu trusty *
Cmake Ubuntu trusty *
Coin3 Ubuntu bionic *
Coin3 Ubuntu esm-apps/bionic *
Coin3 Ubuntu esm-apps/xenial *
Coin3 Ubuntu esm-infra-legacy/trusty *
Coin3 Ubuntu trusty *
Coin3 Ubuntu trusty/esm *
Coin3 Ubuntu xenial *
Expat Ubuntu bionic *
Expat Ubuntu devel *
Expat Ubuntu esm-infra/xenial *
Expat Ubuntu focal *
Expat Ubuntu impish *
Expat Ubuntu jammy *
Expat Ubuntu kinetic *
Expat Ubuntu lunar *
Expat Ubuntu mantic *
Expat Ubuntu noble *
Expat Ubuntu oracular *
Expat Ubuntu trusty *
Expat Ubuntu trusty/esm *
Expat Ubuntu xenial *
Firefox Ubuntu bionic *
Firefox Ubuntu devel *
Firefox Ubuntu focal *
Firefox Ubuntu impish *
Firefox Ubuntu jammy *
Firefox Ubuntu kinetic *
Firefox Ubuntu lunar *
Firefox Ubuntu mantic *
Firefox Ubuntu noble *
Firefox Ubuntu oracular *
Firefox Ubuntu trusty *
Firefox Ubuntu xenial *
Gdcm Ubuntu trusty *
Ghostscript Ubuntu trusty *
Insighttoolkit Ubuntu esm-apps/xenial *
Insighttoolkit Ubuntu trusty *
Insighttoolkit Ubuntu xenial *
Insighttoolkit4 Ubuntu esm-apps/xenial *
Insighttoolkit4 Ubuntu impish *
Insighttoolkit4 Ubuntu trusty *
Insighttoolkit4 Ubuntu xenial *
Libxmltok Ubuntu hirsute *
Libxmltok Ubuntu trusty *
Libxmltok Ubuntu xenial *
Matanza Ubuntu kinetic *
Matanza Ubuntu lunar *
Matanza Ubuntu mantic *
Matanza Ubuntu trusty *
Smart Ubuntu trusty *
Swish-e Ubuntu kinetic *
Swish-e Ubuntu lunar *
Swish-e Ubuntu mantic *
Swish-e Ubuntu trusty *
Tdom Ubuntu bionic *
Tdom Ubuntu esm-apps/bionic *
Tdom Ubuntu esm-apps/focal *
Tdom Ubuntu esm-apps/xenial *
Tdom Ubuntu focal *
Tdom Ubuntu impish *
Tdom Ubuntu kinetic *
Tdom Ubuntu lunar *
Tdom Ubuntu mantic *
Tdom Ubuntu trusty *
Tdom Ubuntu xenial *
Texlive-bin Ubuntu trusty *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu impish *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu lunar *
Thunderbird Ubuntu mantic *
Thunderbird Ubuntu noble *
Thunderbird Ubuntu oracular *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu xenial *
Vnc4 Ubuntu bionic *
Vnc4 Ubuntu esm-apps/bionic *
Vnc4 Ubuntu esm-apps/xenial *
Vnc4 Ubuntu esm-infra-legacy/trusty *
Vnc4 Ubuntu trusty *
Vnc4 Ubuntu trusty/esm *
Vnc4 Ubuntu xenial *
Vtk Ubuntu trusty *
Vtk Ubuntu trusty/esm *
Vtk Ubuntu xenial *
Wbxml2 Ubuntu bionic *
Wbxml2 Ubuntu esm-apps/bionic *
Wbxml2 Ubuntu esm-apps/focal *
Wbxml2 Ubuntu esm-apps/xenial *
Wbxml2 Ubuntu focal *
Wbxml2 Ubuntu impish *
Wbxml2 Ubuntu kinetic *
Wbxml2 Ubuntu lunar *
Wbxml2 Ubuntu mantic *
Wbxml2 Ubuntu trusty *
Wbxml2 Ubuntu xenial *
Xmlrpc-c Ubuntu kinetic *
Xmlrpc-c Ubuntu lunar *
Xmlrpc-c Ubuntu mantic *
Xmlrpc-c Ubuntu trusty *

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
  • Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
  • Understand the programming language’s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, “not-a-number” calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
  • Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.

References