CVE Vulnerabilities

CVE-2022-43680

Use After Free

Published: Oct 24, 2022 | Modified: May 30, 2025
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Weakness

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.

Affected Software

Name Vendor Start Version End Version
Libexpat Libexpat_project * 2.4.9 (including)
JBCS httpd 2.4.51.sp2 RedHat expat *
Red Hat Enterprise Linux 8 RedHat firefox-0:102.5.0-1.el8_7 *
Red Hat Enterprise Linux 8 RedHat expat-0:2.2.5-10.el8_7.1 *
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions RedHat firefox-0:102.5.0-1.el8_1 *
Red Hat Enterprise Linux 8.2 Advanced Update Support RedHat firefox-0:102.5.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Telecommunications Update Service RedHat firefox-0:102.5.0-1.el8_2 *
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions RedHat firefox-0:102.5.0-1.el8_2 *
Red Hat Enterprise Linux 8.4 Extended Update Support RedHat firefox-0:102.5.0-1.el8_4 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat firefox-0:102.5.0-1.el8_6 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat expat-0:2.2.5-8.el8_6.4 *
Red Hat Enterprise Linux 9 RedHat expat-0:2.4.9-1.el9_1.1 *
Red Hat Enterprise Linux 9 RedHat expat-0:2.4.9-1.el9_1.1 *
Apache2 Ubuntu trusty *
Apr-util Ubuntu trusty *
Ayttm Ubuntu trusty *
Ayttm Ubuntu xenial *
Cableswig Ubuntu trusty *
Cableswig Ubuntu xenial *
Cadaver Ubuntu bionic *
Cadaver Ubuntu focal *
Cadaver Ubuntu kinetic *
Cadaver Ubuntu lunar *
Cadaver Ubuntu mantic *
Cadaver Ubuntu oracular *
Cadaver Ubuntu trusty *
Cadaver Ubuntu xenial *
Cmake Ubuntu trusty *
Coin3 Ubuntu bionic *
Coin3 Ubuntu trusty *
Coin3 Ubuntu trusty/esm *
Coin3 Ubuntu xenial *
Expat Ubuntu bionic *
Expat Ubuntu devel *
Expat Ubuntu esm-infra-legacy/trusty *
Expat Ubuntu esm-infra/bionic *
Expat Ubuntu esm-infra/focal *
Expat Ubuntu esm-infra/xenial *
Expat Ubuntu focal *
Expat Ubuntu jammy *
Expat Ubuntu kinetic *
Expat Ubuntu lunar *
Expat Ubuntu mantic *
Expat Ubuntu noble *
Expat Ubuntu oracular *
Expat Ubuntu plucky *
Expat Ubuntu trusty *
Expat Ubuntu trusty/esm *
Expat Ubuntu xenial *
Firefox Ubuntu bionic *
Firefox Ubuntu focal *
Firefox Ubuntu trusty *
Firefox Ubuntu xenial *
Gdcm Ubuntu trusty *
Ghostscript Ubuntu trusty *
Insighttoolkit Ubuntu trusty *
Insighttoolkit Ubuntu xenial *
Insighttoolkit4 Ubuntu trusty *
Insighttoolkit4 Ubuntu xenial *
Libxmltok Ubuntu bionic *
Libxmltok Ubuntu kinetic *
Libxmltok Ubuntu lunar *
Libxmltok Ubuntu mantic *
Libxmltok Ubuntu trusty *
Libxmltok Ubuntu upstream *
Libxmltok Ubuntu xenial *
Matanza Ubuntu bionic *
Matanza Ubuntu devel *
Matanza Ubuntu esm-apps/bionic *
Matanza Ubuntu esm-apps/focal *
Matanza Ubuntu esm-apps/jammy *
Matanza Ubuntu esm-apps/noble *
Matanza Ubuntu esm-apps/xenial *
Matanza Ubuntu focal *
Matanza Ubuntu jammy *
Matanza Ubuntu kinetic *
Matanza Ubuntu lunar *
Matanza Ubuntu mantic *
Matanza Ubuntu noble *
Matanza Ubuntu oracular *
Matanza Ubuntu plucky *
Matanza Ubuntu trusty *
Matanza Ubuntu xenial *
Smart Ubuntu trusty *
Swish-e Ubuntu bionic *
Swish-e Ubuntu focal *
Swish-e Ubuntu kinetic *
Swish-e Ubuntu lunar *
Swish-e Ubuntu mantic *
Swish-e Ubuntu oracular *
Swish-e Ubuntu trusty *
Swish-e Ubuntu xenial *
Tdom Ubuntu bionic *
Tdom Ubuntu focal *
Tdom Ubuntu kinetic *
Tdom Ubuntu lunar *
Tdom Ubuntu mantic *
Tdom Ubuntu oracular *
Tdom Ubuntu trusty *
Tdom Ubuntu xenial *
Texlive-bin Ubuntu trusty *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu devel *
Thunderbird Ubuntu focal *
Thunderbird Ubuntu jammy *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu lunar *
Thunderbird Ubuntu mantic *
Thunderbird Ubuntu noble *
Thunderbird Ubuntu oracular *
Thunderbird Ubuntu plucky *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu xenial *
Vnc4 Ubuntu bionic *
Vnc4 Ubuntu trusty *
Vnc4 Ubuntu trusty/esm *
Vnc4 Ubuntu xenial *
Vtk Ubuntu trusty *
Vtk Ubuntu trusty/esm *
Vtk Ubuntu xenial *
Wbxml2 Ubuntu bionic *
Wbxml2 Ubuntu focal *
Wbxml2 Ubuntu kinetic *
Wbxml2 Ubuntu lunar *
Wbxml2 Ubuntu mantic *
Wbxml2 Ubuntu oracular *
Wbxml2 Ubuntu trusty *
Wbxml2 Ubuntu xenial *
Xmlrpc-c Ubuntu bionic *
Xmlrpc-c Ubuntu focal *
Xmlrpc-c Ubuntu kinetic *
Xmlrpc-c Ubuntu lunar *
Xmlrpc-c Ubuntu mantic *
Xmlrpc-c Ubuntu oracular *
Xmlrpc-c Ubuntu trusty *
Xmlrpc-c Ubuntu trusty/esm *
Xmlrpc-c Ubuntu xenial *

Potential Mitigations

References