vuln-list-alt/oval/c9f2/ALT-PU-2023-4107/definitions.json
2024-04-16 14:26:14 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20234107",
"Version": "oval:org.altlinux.errata:def:20234107",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2023-4107: package `expat` update to version 2.5.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2023-4107",
"RefURL": "https://errata.altlinux.org/ALT-PU-2023-4107",
"Source": "ALTPU"
},
{
"RefID": "BDU:2022-00800",
"RefURL": "https://bdu.fstec.ru/vul/2022-00800",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00805",
"RefURL": "https://bdu.fstec.ru/vul/2022-00805",
"Source": "BDU"
},
{
"RefID": "BDU:2022-00999",
"RefURL": "https://bdu.fstec.ru/vul/2022-00999",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01003",
"RefURL": "https://bdu.fstec.ru/vul/2022-01003",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01052",
"RefURL": "https://bdu.fstec.ru/vul/2022-01052",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01058",
"RefURL": "https://bdu.fstec.ru/vul/2022-01058",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01059",
"RefURL": "https://bdu.fstec.ru/vul/2022-01059",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01060",
"RefURL": "https://bdu.fstec.ru/vul/2022-01060",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01062",
"RefURL": "https://bdu.fstec.ru/vul/2022-01062",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01063",
"RefURL": "https://bdu.fstec.ru/vul/2022-01063",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01064",
"RefURL": "https://bdu.fstec.ru/vul/2022-01064",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01065",
"RefURL": "https://bdu.fstec.ru/vul/2022-01065",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01071",
"RefURL": "https://bdu.fstec.ru/vul/2022-01071",
"Source": "BDU"
},
{
"RefID": "BDU:2022-01702",
"RefURL": "https://bdu.fstec.ru/vul/2022-01702",
"Source": "BDU"
},
{
"RefID": "BDU:2022-02823",
"RefURL": "https://bdu.fstec.ru/vul/2022-02823",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02596",
"RefURL": "https://bdu.fstec.ru/vul/2023-02596",
"Source": "BDU"
},
{
"RefID": "BDU:2023-02688",
"RefURL": "https://bdu.fstec.ru/vul/2023-02688",
"Source": "BDU"
},
{
"RefID": "CVE-2013-0340",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340",
"Source": "CVE"
},
{
"RefID": "CVE-2021-45960",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"Source": "CVE"
},
{
"RefID": "CVE-2021-46143",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"Source": "CVE"
},
{
"RefID": "CVE-2022-22822",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"Source": "CVE"
},
{
"RefID": "CVE-2022-22823",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"Source": "CVE"
},
{
"RefID": "CVE-2022-22824",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"Source": "CVE"
},
{
"RefID": "CVE-2022-22825",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"Source": "CVE"
},
{
"RefID": "CVE-2022-22826",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"Source": "CVE"
},
{
"RefID": "CVE-2022-22827",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23852",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"Source": "CVE"
},
{
"RefID": "CVE-2022-23990",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25235",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25236",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25313",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25314",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"Source": "CVE"
},
{
"RefID": "CVE-2022-25315",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"Source": "CVE"
},
{
"RefID": "CVE-2022-40674",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674",
"Source": "CVE"
},
{
"RefID": "CVE-2022-43680",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680",
"Source": "CVE"
}
],
"Description": "This update upgrades expat to version 2.5.0-alt1. \nSecurity Fix(es):\n\n * BDU:2022-00800: Уязвимость функции defineAttribute файла xmlparse.c библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-00805: Уязвимость функции lookupl файла xmlparse.c библиотеки Expat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-00999: Уязвимость функции doProlog() библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01003: Уязвимость функции storeAtts() библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01052: Уязвимость функции doProlog (xmlparse.c) библиотеки Expat, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации\n\n * BDU:2022-01058: Уязвимость функции storeAtts (xmlparse.c) библиотеки Expat, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01059: Уязвимость функции nextScaffoldPart (xmlparse.c) библиотеки Expat, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01060: Уязвимость функции build_model (xmlparse.c) библиотеки Expat, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01062: Уязвимость функции copyString библиотеки Expat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01063: Уязвимость компонента xmltok_impl.c библиотеки Expat, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01064: Уязвимость функции build_model библиотеки Expat, связанная с переполнением буфера в стеке, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-01065: Уязвимость компонента xmlparse.c библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01071: Уязвимость функции 
storeRawNames библиотеки Expat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2022-01702: Уязвимость библиотеки синтаксического анализатора XML libexpat, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2022-02823: Уязвимость функции addBinding() библиотеки Expat, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02596: Уязвимость функции doContent файла xmlparse.c библиотеки синтаксического анализатора XML libexpat, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2023-02688: Уязвимость функции XML_ExternalEntityParserCreate библиотеки синтаксического анализатора XML libexpat, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2013-0340: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. 
NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.\n\n * CVE-2021-45960: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).\n\n * CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.\n\n * CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n\n * CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n\n * CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n\n * CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n\n * CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n\n * CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.\n\n * CVE-2022-23852: Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.\n\n * CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.\n\n * CVE-2022-25235: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.\n\n * CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.\n\n * CVE-2022-25313: In Expat (aka libexpat) before 2.4.5, an attacker can 
trigger stack exhaustion in build_model via a large nesting depth in the DTD element.\n\n * CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.\n\n * CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.\n\n * CVE-2022-40674: libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.\n\n * CVE-2022-43680: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.\n\n * #41571: libexpat-devel: упакованы битые конфиги для cmake",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2023-08-12"
},
"Updated": {
"Date": "2023-08-12"
},
"BDUs": [
{
"ID": "BDU:2022-00800",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-00800",
"Impact": "Critical",
"Public": "20220110"
},
{
"ID": "BDU:2022-00805",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-00805",
"Impact": "High",
"Public": "20220110"
},
{
"ID": "BDU:2022-00999",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-00999",
"Impact": "Critical",
"Public": "20220126"
},
{
"ID": "BDU:2022-01003",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-400",
"Href": "https://bdu.fstec.ru/vul/2022-01003",
"Impact": "High",
"Public": "20211230"
},
{
"ID": "BDU:2022-01052",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01052",
"Impact": "High",
"Public": "20220110"
},
{
"ID": "BDU:2022-01058",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01058",
"Impact": "High",
"Public": "20220110"
},
{
"ID": "BDU:2022-01059",
"CVSS": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01059",
"Impact": "High",
"Public": "20220110"
},
{
"ID": "BDU:2022-01060",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01060",
"Impact": "Critical",
"Public": "20220110"
},
{
"ID": "BDU:2022-01062",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01062",
"Impact": "High",
"Public": "20220221"
},
{
"ID": "BDU:2022-01063",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-94",
"Href": "https://bdu.fstec.ru/vul/2022-01063",
"Impact": "Critical",
"Public": "20220221"
},
{
"ID": "BDU:2022-01064",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-121",
"Href": "https://bdu.fstec.ru/vul/2022-01064",
"Impact": "Critical",
"Public": "20220221"
},
{
"ID": "BDU:2022-01065",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"CWE": "CWE-668",
"Href": "https://bdu.fstec.ru/vul/2022-01065",
"Impact": "Low",
"Public": "20220221"
},
{
"ID": "BDU:2022-01071",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01071",
"Impact": "High",
"Public": "20220221"
},
{
"ID": "BDU:2022-01702",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-01702",
"Impact": "Critical",
"Public": "20220125"
},
{
"ID": "BDU:2022-02823",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2022-02823",
"Impact": "Critical",
"Public": "20220110"
},
{
"ID": "BDU:2023-02596",
"CVSS": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-02596",
"Impact": "High",
"Public": "20220914"
},
{
"ID": "BDU:2023-02688",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://bdu.fstec.ru/vul/2023-02688",
"Impact": "High",
"Public": "20221024"
}
],
"CVEs": [
{
"ID": "CVE-2013-0340",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CWE": "CWE-611",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340",
"Impact": "Low",
"Public": "20140121"
},
{
"ID": "CVE-2021-45960",
"CVSS": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-682",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960",
"Impact": "High",
"Public": "20220101"
},
{
"ID": "CVE-2021-46143",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143",
"Impact": "High",
"Public": "20220106"
},
{
"ID": "CVE-2022-22822",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822",
"Impact": "Critical",
"Public": "20220110"
},
{
"ID": "CVE-2022-22823",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823",
"Impact": "Critical",
"Public": "20220110"
},
{
"ID": "CVE-2022-22824",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824",
"Impact": "Critical",
"Public": "20220110"
},
{
"ID": "CVE-2022-22825",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825",
"Impact": "High",
"Public": "20220110"
},
{
"ID": "CVE-2022-22826",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826",
"Impact": "High",
"Public": "20220110"
},
{
"ID": "CVE-2022-22827",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827",
"Impact": "High",
"Public": "20220110"
},
{
"ID": "CVE-2022-23852",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852",
"Impact": "Critical",
"Public": "20220124"
},
{
"ID": "CVE-2022-23990",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990",
"Impact": "High",
"Public": "20220126"
},
{
"ID": "CVE-2022-25235",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-116",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235",
"Impact": "Critical",
"Public": "20220216"
},
{
"ID": "CVE-2022-25236",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-668",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236",
"Impact": "Critical",
"Public": "20220216"
},
{
"ID": "CVE-2022-25313",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"CWE": "CWE-674",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313",
"Impact": "Low",
"Public": "20220218"
},
{
"ID": "CVE-2022-25314",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314",
"Impact": "High",
"Public": "20220218"
},
{
"ID": "CVE-2022-25315",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315",
"Impact": "Critical",
"Public": "20220218"
},
{
"ID": "CVE-2022-40674",
"CVSS3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674",
"Impact": "High",
"Public": "20220914"
},
{
"ID": "CVE-2022-43680",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-416",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680",
"Impact": "High",
"Public": "20221024"
}
],
"Bugzilla": [
{
"ID": "41571",
"Href": "https://bugzilla.altlinux.org/41571",
"Data": "libexpat-devel: упакованы битые конфиги для cmake"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20234107001",
"Comment": "expat is earlier than 0:2.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234107002",
"Comment": "libexpat is earlier than 0:2.5.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20234107003",
"Comment": "libexpat-devel is earlier than 0:2.5.0-alt1"
}
]
}
]
}
}
]
}