About - K19473898: Expat vulnerabilities CVE-2022-23852, CVE-2022-25235, CVE-2022-25236
Hi Experts , We have BigIP -LTM and ASM module . But how do I determine if we re using Expat Library ?Can someone please help me . Security Advisory Description CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. CVE-2022-25235 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. CVE-2022-25236 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. CVE-2022-25315 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Impact A remote attacker could send specially crafted XML which, when parsed by an application using the Expat library, would result in a buffer over-read and cause the application to stop responding.1.4KViews0likes1Comment