Integer Overflow or Wraparound SNYK-DEBIAN9-EXPAT-2331814

## NVD Description
**_Note:_** _Versions mentioned in the description apply only to the upstream `expat` package and not the `expat` package as distributed by `Debian`._
_See `How to fix?` for `Debian:9` relevant fixed versions and status._

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
## Remediation
Upgrade `Debian:9` `expat` to version 2.2.0-2+deb9u4 or higher.
## References
- [https://security-tracker.debian.org/tracker/CVE-2022-22825](https://security-tracker.debian.org/tracker/CVE-2022-22825)
- [http://www.openwall.com/lists/oss-security/2022/01/17/3](http://www.openwall.com/lists/oss-security/2022/01/17/3)
- [https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf)
- [https://github.com/libexpat/libexpat/pull/539](https://github.com/libexpat/libexpat/pull/539)
- [https://security.gentoo.org/glsa/202209-24](https://security.gentoo.org/glsa/202209-24)
- [https://www.debian.org/security/2022/dsa-5073](https://www.debian.org/security/2022/dsa-5073)
- [https://www.tenable.com/security/tns-2022-05](https://www.tenable.com/security/tns-2022-05)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Integer Overflow or Wraparound SNYK-DEBIAN9-EXPAT-2331814 #365

NVD Description

Remediation

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Participants

Integer Overflow or Wraparound SNYK-DEBIAN9-EXPAT-2331814 #365

Description

NVD Description

Remediation

References

Activity

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Participants

Issue actions