pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2023-4120/definitions.json
pepelyaevip 0707cb759b ALT Vulnerability
2024-04-16 14:26:14 +00:00

331 lines
14 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20234120",
"Version": "oval:org.altlinux.errata:def:20234120",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-4120: package `expat` update to version 2.5.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-4120",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-4120",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00999",
"RefURL": "https://bdu.fstec.ru/vul/2022-00999",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01062",
"RefURL": "https://bdu.fstec.ru/vul/2022-01062",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01063",
"RefURL": "https://bdu.fstec.ru/vul/2022-01063",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01064",
"RefURL": "https://bdu.fstec.ru/vul/2022-01064",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01065",
"RefURL": "https://bdu.fstec.ru/vul/2022-01065",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01071",
"RefURL": "https://bdu.fstec.ru/vul/2022-01071",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01702",
"RefURL": "https://bdu.fstec.ru/vul/2022-01702",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02596",
"RefURL": "https://bdu.fstec.ru/vul/2023-02596",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02688",
"RefURL": "https://bdu.fstec.ru/vul/2023-02688",
"Source": "BDU"
},
{
"RefID": "CVE-2022-23852",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23990",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25235",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25236",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25313",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25314",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25315",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40674",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674",
"Source": "CVE"
},
{
"RefID": "CVE-2022-43680",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680",
"Source": "CVE"
}
],
"Description": "This update upgrades expat to version 2.5.0-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00999: Уязвимость функции doProlog() библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01062: Уязвимость функции copyString библиотеки Expat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01063: Уязвимость компонента xmltok_impl.c библиотеки Expat, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01064: Уязвимость функции build_model библиотеки Expat, связанная с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01065: Уязвимость компонента xmlparse.c библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01071: Уязвимость функции storeRawNames библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01702: Уязвимость библиотеки синтаксического анализатора XML libexpat, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02596: Уязвимость функции doContent файла xmlparse.c библиотеки синтаксического анализатора XML libexpat, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02688: Уязвимость функции XML_ExternalEntityParserCreate библиотеки синтаксического анализатора XML libexpat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2022-23852: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.\n\n * CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.\n\n * CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.\n\n * CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.\n\n * CVE-2022-25313: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.\n\n * CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.\n\n * CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.\n\n * CVE-2022-40674: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\n\n * CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-07-06"
},
"Updated": {
"Date": "2023-07-06"
},
"BDUs": [
{
"ID": "BDU:2022-00999",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-00999",
"Impact": "Critical",
"Public": "20220126"
},
{
"ID": "BDU:2022-01062",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01062",
"Impact": "High",
"Public": "20220221"
},
{
"ID": "BDU:2022-01063",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2022-01063",
"Impact": "Critical",
"Public": "20220221"
},
{
"ID": "BDU:2022-01064",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121",
"Href": "https://bdu.fstec.ru/vul/2022-01064",
"Impact": "Critical",
"Public": "20220221"
},
{
"ID": "BDU:2022-01065",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-668",
"Href": "https://bdu.fstec.ru/vul/2022-01065",
"Impact": "Low",
"Public": "20220221"
},
{
"ID": "BDU:2022-01071",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01071",
"Impact": "High",
"Public": "20220221"
},
{
"ID": "BDU:2022-01702",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01702",
"Impact": "Critical",
"Public": "20220125"
},
{
"ID": "BDU:2023-02596",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-02596",
"Impact": "High",
"Public": "20220914"
},
{
"ID": "BDU:2023-02688",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-02688",
"Impact": "High",
"Public": "20221024"
}
],
"CVEs": [
{
"ID": "CVE-2022-23852",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"Impact": "Critical",
"Public": "20220124"
},
{
"ID": "CVE-2022-23990",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"Impact": "High",
"Public": "20220126"
},
{
"ID": "CVE-2022-25235",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"Impact": "Critical",
"Public": "20220216"
},
{
"ID": "CVE-2022-25236",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"Impact": "Critical",
"Public": "20220216"
},
{
"ID": "CVE-2022-25313",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"Impact": "Low",
"Public": "20220218"
},
{
"ID": "CVE-2022-25314",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2022-25315",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"Impact": "Critical",
"Public": "20220218"
},
{
"ID": "CVE-2022-40674",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674",
"Impact": "High",
"Public": "20220914"
},
{
"ID": "CVE-2022-43680",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680",
"Impact": "High",
"Public": "20221024"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20234120001",
"Comment": "expat is earlier than 0:2.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234120002",
"Comment": "libexpat is earlier than 0:2.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234120003",
"Comment": "libexpat-devel is earlier than 0:2.5.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink