CVE-2022-22823
Description
RHSA-2022:7692: xmlrpc-c security update (Moderate)
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description
expat: Integer overflow in build_model in xmlparse.c
Red Hat statement
This is an important rather than a critical vulnerability due to its practical limitations. The flaw arises from unsafe left-shift operations in storeAtts() within libexpat, which, under extreme conditions (e.g., over 2^29 prefixed attributes), can lead to undefined behavior, memory mismanagement, and denial-of-service (DoS). However, exploitation requires specially crafted XML payloads several gigabytes in size (~6.5 GiB), which makes remote exploitation unlikely in real-world environments due to common upload limits and resource constraints. There is no evidence of arbitrary code execution, memory corruption leading to privilege escalation, or data leaks.
CVSS v3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 7 | firefox-0:91.7.0-3.el7_9 | RHSA-2022:0824 | 2022-03-10T00:00:00Z |
| Red Hat Enterprise Linux 7 | thunderbird-0:91.7.0-2.el7_9 | RHSA-2022:0850 | 2022-03-14T00:00:00Z |
| Red Hat Enterprise Linux 7 | expat-0:2.1.0-14.el7_9 | RHSA-2022:1069 | 2022-03-28T00:00:00Z |
| Red Hat Enterprise Linux 8 | firefox-0:91.7.0-3.el8_5 | RHSA-2022:0818 | 2022-03-10T00:00:00Z |
| Red Hat Enterprise Linux 8 | thunderbird-0:91.7.0-2.el8_5 | RHSA-2022:0845 | 2022-03-14T00:00:00Z |
| Red Hat Enterprise Linux 8 | expat-0:2.2.5-4.el8_5.3 | RHSA-2022:0951 | 2022-03-16T00:00:00Z |
| Red Hat Enterprise Linux 8 | xmlrpc-c-0:1.51.0-8.el8 | RHSA-2022:7692 | 2022-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | expat-0:2.2.10-1.el8_2 | RHSA-2025:22871 | 2025-12-09T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | expat-0:2.2.10-1.el8_4 | RHSA-2025:22785 | 2025-12-04T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | expat-0:2.2.10-1.el8_4 | RHSA-2025:22785 | 2025-12-04T00:00:00Z |
| Red Hat Enterprise Linux 9 | expat-0:2.2.10-12.el9_0 | RHBA-2022:4046 | 2022-05-17T00:00:00Z |
| Text-Only JBCS | expat | RHSA-2022:7144 | 2022-10-26T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | expat | Out of support scope |
| Red Hat Enterprise Linux 6 | firefox | Out of support scope |
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope |
| Red Hat Enterprise Linux 6 | xulrunner | Out of support scope |
| Red Hat Enterprise Linux 7 | xulrunner | Will not fix |
| Red Hat Enterprise Linux 9 | firefox | Not affected |
| Red Hat Enterprise Linux 9 | thunderbird | Not affected |
| Red Hat Enterprise Linux 9 | xmlrpc-c | Not affected |
Apply commands

```shell
yum update -y firefox
# or:
dnf upgrade -y firefox
```
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 9 | Not affected |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| debian | bookworm | fixed | 2.4.3-1 |
| debian | bullseye | fixed | 2.2.10-2+deb11u1 |
| debian | forky | fixed | 2.4.3-1 |
| debian | sid | fixed | 2.4.3-1 |
| debian | trixie | fixed | 2.4.3-1 |
| sles | | affected | |
| rocky | 8 | fixed | |
| almalinux | 8 | fixed | xmlrpc-c-1.51.0-8.el8.i686.rpm |
| rhel | 8 | fixed | |
References
- https://access.redhat.com/errata/RHBA-2022:4046
- https://security-tracker.debian.org/tracker/CVE-2022-22823
- https://errata.rockylinux.org/RLSA-2022:7692
- https://www.suse.com/security/cve/CVE-2022-22823.html
- https://errata.rockylinux.org/RLSA-2022:0951
- https://access.redhat.com/errata/RHSA-2022:7692
- https://bugzilla.redhat.com/2044455
- https://bugzilla.redhat.com/2044457
- https://bugzilla.redhat.com/2044464
- https://bugzilla.redhat.com/2044467
- https://bugzilla.redhat.com/2044479
- https://bugzilla.redhat.com/2044484
- https://bugzilla.redhat.com/2044488
- https://errata.almalinux.org/8/ALSA-2022-7692.html
- https://access.redhat.com/errata/RHSA-2022:0951
- https://bugzilla.redhat.com/2044451
- https://bugzilla.redhat.com/2044613
- https://bugzilla.redhat.com/2056363
- https://bugzilla.redhat.com/2056366
- https://bugzilla.redhat.com/2056370
- https://errata.almalinux.org/8/ALSA-2022-0951.html
- https://access.redhat.com/errata/RHSA-2022:0818
- https://access.redhat.com/errata/RHSA-2022:0845