system/expat: CVE-2022-43680: In libexpat through 2.4.9, there is a use-after-free in out-of-memory situations.
Hyperlink | Resource |
---|---|
https://github.com/libexpat/libexpat/issues/649 | Exploit, Issue Tracking, Patch, Third Party Advisory |
https://github.com/libexpat/libexpat/pull/616 | Exploit, Issue Tracking, Patch, Third Party Advisory |
https://github.com/libexpat/libexpat/pull/650 | Exploit, Issue Tracking, Patch, Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html | |
https://security.gentoo.org/glsa/202210-38 | |
https://www.debian.org/security/2022/dsa-5266 | |
This was found on x86_64, as the tarball has been renamed:
>>> expat: Fetching https://downloads.sourceforge.net/project/expat/expat/2.4.9/expat-2.4.9.tar.bz2
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0^M 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found