About - K19473898: Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236

Question

Hi Experts ,&nbsp;We have BigIP -LTM and ASM module . But how do I determine if we re using Expat Library ?Can someone please help me .&nbsp;&nbsp;&nbsp;Security Advisory DescriptionCVE-2022-23852Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.CVE-2022-25235xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.CVE-2022-25236xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.CVE-2022-25315In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.ImpactA remote attacker could send specially crafted XML which, when parsed by an application using the Expat library, would result in a buffer over-read and cause the application to stop responding.

jeffrey_granier · Answer

Hello,
If your running an TMOS code version thats impacted then it contains those Expat libraries:
&nbsp;

&nbsp;

Forum Discussion

About - K19473898: Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236

Security Advisory Description

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

Enhancing Software Security with Rust: A Solution to Common Vulnerabilities

Cyberattacks On Embassies, Threat Actor Using ChatGPT To Write Malware, and MMS Vulnerabilities

OWASP Automated Threats - OAT-014 Vulnerability Scanning

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS