Integer Overflow or Wraparound SNYK-DEBIAN9-EXPAT-2331815

## NVD Description
**_Note:_** _Versions mentioned in the description apply only to the upstream `expat` package and not the `expat` package as distributed by `Debian`._
_See `How to fix?` for `Debian:9` relevant fixed versions and status._

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
## Remediation
Upgrade `Debian:9` `expat` to version 2.2.0-2+deb9u4 or higher.
## References
- [https://security-tracker.debian.org/tracker/CVE-2022-22826](https://security-tracker.debian.org/tracker/CVE-2022-22826)
- [http://www.openwall.com/lists/oss-security/2022/01/17/3](http://www.openwall.com/lists/oss-security/2022/01/17/3)
- [https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf)
- [https://github.com/libexpat/libexpat/pull/539](https://github.com/libexpat/libexpat/pull/539)
- [https://security.gentoo.org/glsa/202209-24](https://security.gentoo.org/glsa/202209-24)
- [https://www.debian.org/security/2022/dsa-5073](https://www.debian.org/security/2022/dsa-5073)
- [https://www.tenable.com/security/tns-2022-05](https://www.tenable.com/security/tns-2022-05)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Integer Overflow or Wraparound SNYK-DEBIAN9-EXPAT-2331815 #756

NVD Description

Remediation

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Integer Overflow or Wraparound SNYK-DEBIAN9-EXPAT-2331815 #756

Description

NVD Description

Remediation

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions