CVE-2022-23852

Published January 24th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

1

PROJECT

Description

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

libexpat/libexpat

:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub

GitHub

1.34K