Details of VAR-202202-0050

ID

VAR-202202-0050

CVE

CVE-2022-25235

TITLE

Expat Code injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202202-1315

DESCRIPTION

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Summary: The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page 5. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. (BZ#2048407) * Rebase package(s) to version: libvirt-7.6.0-6.1.module+el8.5.0+14474+b3410d40 Highlights and important bug fixes: consume libvirt fix for failure to connect socket to '/run/libvirt/virtlogd-sock' - possibly caused by too many open files from libvirtd. (BZ#2057048) 4. Description: Expat is a C library for parsing XML documents. 8.1) - ppc64le, x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.7.0 ESR. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: xmlrpc-c security update Advisory ID: RHSA-2022:1540-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1540 Issue date: 2022-04-26 CVE Names: CVE-2022-25235 ===================================================================== 1. Summary: An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML. Security Fix(es): * expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution (CVE-2022-25235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2056366 - CVE-2022-25235 expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution 6. Package List: Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: xmlrpc-c-1.51.0-5.el8_2.1.src.rpm aarch64: xmlrpc-c-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.aarch64.rpm ppc64le: xmlrpc-c-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.ppc64le.rpm s390x: xmlrpc-c-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.s390x.rpm x86_64: xmlrpc-c-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v. 8.2): aarch64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.aarch64.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.aarch64.rpm ppc64le: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.ppc64le.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.ppc64le.rpm s390x: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.s390x.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.s390x.rpm x86_64: xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-apps-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-c++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client++-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-client-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debuginfo-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-debugsource-1.51.0-5.el8_2.1.x86_64.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.i686.rpm xmlrpc-c-devel-1.51.0-5.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-25235 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYmga9tzjgjWX9erEAQiBNg/9GM5tS+fh5NKoFDWH6r0YxnVsL2IPedN1 AV1KYGoJsAPU1z0MtZixPj5dNxKqcSomgl7GpLO4jkOKMhHktCipVS5tOzpGspY5 nAUKk5ANRH7AeQUJAnP0IaO28cVVerLZvk/ZxA5XcXCcdM8WofjQ8aXKk69T6ctX rKWR9Xw7MpOXxpV9xu2t+eU4MGeuONfqNclUYolUFpYv6JrPdzLCWmXNixCQGAPW D9d2gbLt80L+Z5JkBzZWSkSpItrQs3BD6wcgQIFxl7tgbOlsgo4H7qX4N4g1QgL+ 1V4E+fxlhnAg0vL4g7RG+GkfEesjJXEiUWFbd02beqWy4+G2B1GEYdH0HCp5NffH Y1RRz2hmaOh4QRBNnpvLQvKazqyGrLnk8bAQQIiYjNqceqR4IKYSMYlsHes7v1MJ 7/k6EKs3FrXlcJWpjwNXt2xHWw5Py9rIrlEMiS4ag0tbAhFPscs0TkFeAPCxSVtr oZRTOhwv/wHUb57/V9xMDr6POK5rLB3I2mb8L61169/ph+BM4NIziaDfr4q/5nvx oqWuxe99Q1GTX6+AoeGlZLkp4GY11/tRT+ZaLvNqsWZV98FUeJcXJAh/X0qaYcuF xAI5xHHv56GPOqGMwxEZO17TxeA35WDLvsYjM3mVfLblWsM4FGjKVBdqMBR9o0rn SA1L555kQjg= =Cvpq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.71

sources: NVD: CVE-2022-25235 // VULHUB: VHN-415126 // PACKETSTORM: 166976 // PACKETSTORM: 166453 // PACKETSTORM: 166348 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 166845

AFFECTED PRODUCTS

vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	lt	version:	2.4.5	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0

sources: NVD: CVE-2022-25235

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25235
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2022-25235
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202202-1315
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-415126
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-25235
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-415126
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-25235
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: VULHUB: VHN-415126 // CNNVD: CNNVD-202202-1315 // NVD: CVE-2022-25235 // NVD: CVE-2022-25235

PROBLEMTYPE DATA

problemtype:

CWE-116

Trust: 1.1

sources: VULHUB: VHN-415126 // NVD: CVE-2022-25235

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 166845 // CNNVD: CNNVD-202202-1315

TYPE

overflow, code execution

Trust: 0.6

sources: PACKETSTORM: 166453 // PACKETSTORM: 166348 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25235	Trust: 2.5
db:	SIEMENS	id:	SSA-484086	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2022/02/19/1	Trust: 1.7
db:	PACKETSTORM	id:	166453	Trust: 0.8
db:	PACKETSTORM	id:	166348	Trust: 0.8
db:	PACKETSTORM	id:	166275	Trust: 0.8
db:	PACKETSTORM	id:	167226	Trust: 0.7
db:	PACKETSTORM	id:	166500	Trust: 0.7
db:	PACKETSTORM	id:	166296	Trust: 0.7
db:	PACKETSTORM	id:	167008	Trust: 0.7
db:	PACKETSTORM	id:	166983	Trust: 0.7
db:	PACKETSTORM	id:	166954	Trust: 0.7
db:	PACKETSTORM	id:	169777	Trust: 0.7
db:	PACKETSTORM	id:	166437	Trust: 0.7
db:	PACKETSTORM	id:	166414	Trust: 0.7
db:	PACKETSTORM	id:	168578	Trust: 0.7
db:	PACKETSTORM	id:	166845	Trust: 0.7
db:	PACKETSTORM	id:	166703	Trust: 0.6
db:	PACKETSTORM	id:	166638	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0934	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1677	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5749	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.5666	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4174	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1154	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1507	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0946	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1861	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1579	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0749	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.0785.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1295	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1023	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1263	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2024	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1069	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2607	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2476	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3299	Trust: 0.6
db:	CS-HELP	id:	SB2022040715	Trust: 0.6
db:	CS-HELP	id:	SB2022050424	Trust: 0.6
db:	CS-HELP	id:	SB2022033002	Trust: 0.6
db:	CS-HELP	id:	SB2022070605	Trust: 0.6
db:	CS-HELP	id:	SB2022032224	Trust: 0.6
db:	CS-HELP	id:	SB2022032922	Trust: 0.6
db:	CS-HELP	id:	SB2022060617	Trust: 0.6
db:	CS-HELP	id:	SB2022032445	Trust: 0.6
db:	CS-HELP	id:	SB2022052423	Trust: 0.6
db:	CS-HELP	id:	SB2022031020	Trust: 0.6
db:	CS-HELP	id:	SB2022060122	Trust: 0.6
db:	CS-HELP	id:	SB2022031627	Trust: 0.6
db:	CS-HELP	id:	SB2022032005	Trust: 0.6
db:	CS-HELP	id:	SB2022022109	Trust: 0.6
db:	CS-HELP	id:	SB2022031428	Trust: 0.6
db:	CS-HELP	id:	SB2022051320	Trust: 0.6
db:	CS-HELP	id:	SB2022031108	Trust: 0.6
db:	CS-HELP	id:	SB2022042116	Trust: 0.6
db:	CS-HELP	id:	SB2022022416	Trust: 0.6
db:	CS-HELP	id:	SB2022072710	Trust: 0.6
db:	CS-HELP	id:	SB2022032843	Trust: 0.6
db:	CS-HELP	id:	SB2022042629	Trust: 0.6
db:	CS-HELP	id:	SB2022022411	Trust: 0.6
db:	CS-HELP	id:	SB2022061722	Trust: 0.6
db:	CS-HELP	id:	SB2022041954	Trust: 0.6
db:	CS-HELP	id:	SB2022072065	Trust: 0.6
db:	CS-HELP	id:	SB2022072607	Trust: 0.6
db:	CS-HELP	id:	SB2022041272	Trust: 0.6
db:	ICS CERT	id:	ICSA-22-167-17	Trust: 0.6
db:	CNNVD	id:	CNNVD-202202-1315	Trust: 0.6
db:	PACKETSTORM	id:	166277	Trust: 0.2
db:	PACKETSTORM	id:	166276	Trust: 0.2
db:	PACKETSTORM	id:	166274	Trust: 0.2
db:	PACKETSTORM	id:	166293	Trust: 0.1
db:	PACKETSTORM	id:	166433	Trust: 0.1
db:	PACKETSTORM	id:	166505	Trust: 0.1
db:	PACKETSTORM	id:	166496	Trust: 0.1
db:	PACKETSTORM	id:	166298	Trust: 0.1
db:	PACKETSTORM	id:	166261	Trust: 0.1
db:	PACKETSTORM	id:	166291	Trust: 0.1
db:	PACKETSTORM	id:	166300	Trust: 0.1
db:	CNVD	id:	CNVD-2022-18356	Trust: 0.1
db:	VULHUB	id:	VHN-415126	Trust: 0.1
db:	PACKETSTORM	id:	166976	Trust: 0.1

sources: VULHUB: VHN-415126 // PACKETSTORM: 166976 // PACKETSTORM: 166453 // PACKETSTORM: 166348 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 166845 // CNNVD: CNNVD-202202-1315 // NVD: CVE-2022-25235

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20220303-0008/	Trust: 1.7
url:	https://www.debian.org/security/2022/dsa-5085	Trust: 1.7
url:	https://security.gentoo.org/glsa/202209-24	Trust: 1.7
url:	https://github.com/libexpat/libexpat/pull/562	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2022/02/19/1	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2022-25235	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25235	Trust: 1.3
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/	Trust: 1.0
url:	https://access.redhat.com/security/team/contact/	Trust: 0.8
url:	https://bugzilla.redhat.com/):	Trust: 0.8
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ufrba3uqviqkxtbuqxdwqovwnbkleru/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y27xo3jmkaomqzvps3b4mjgeahczf5om/	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2022-25236	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2022-25315	Trust: 0.7
url:	https://access.redhat.com/security/team/key/	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25236	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25315	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-22-167-17	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072710	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1295	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022416	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022411	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022040715	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4174	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070605	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2476	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032224	Trust: 0.6
url:	https://packetstormsecurity.com/files/166703/red-hat-security-advisory-2022-1309-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5666	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.5749	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022022109	Trust: 0.6
url:	https://packetstormsecurity.com/files/166845/red-hat-security-advisory-2022-1540-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060617	Trust: 0.6
url:	https://packetstormsecurity.com/files/166296/red-hat-security-advisory-2022-0847-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166638/red-hat-security-advisory-2022-1263-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166954/red-hat-security-advisory-2022-1622-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0749	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0946	Trust: 0.6
url:	https://packetstormsecurity.com/files/166500/red-hat-security-advisory-2022-1068-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167226/red-hat-security-advisory-2022-4668-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0785.2	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3299	Trust: 0.6
url:	https://packetstormsecurity.com/files/167008/red-hat-security-advisory-2022-1747-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166437/red-hat-security-advisory-2022-1039-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1677	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022050424	Trust: 0.6
url:	https://packetstormsecurity.com/files/166983/red-hat-security-advisory-2022-1739-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031428	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031627	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1154	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041272	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2607	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022041954	Trust: 0.6
url:	https://vigilance.fr/vulnerability/expat-five-vulnerabilities-37608	Trust: 0.6
url:	https://packetstormsecurity.com/files/166348/red-hat-security-advisory-2022-0951-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/166275/red-hat-security-advisory-2022-0816-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032843	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1507	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051320	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.0934	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032922	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072607	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032005	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022032445	Trust: 0.6
url:	https://packetstormsecurity.com/files/169777/red-hat-security-advisory-2022-7811-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/168578/gentoo-linux-security-advisory-202209-24.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1069	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1861	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1023	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072065	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1263	Trust: 0.6
url:	https://packetstormsecurity.com/files/166453/red-hat-security-advisory-2022-1053-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042116	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022061722	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031020	Trust: 0.6
url:	https://packetstormsecurity.com/files/166414/red-hat-security-advisory-2022-1012-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022042629	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022033002	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060122	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022031108	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2024	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052423	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1579	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2022-26485	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-26386	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-26387	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26386	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26383	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26486	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26387	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26381	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-26384	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-26383	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26485	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-26486	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26384	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2022-26381	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22825	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-22825	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-22827	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-22823	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-46143	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22826	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46143	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22827	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-22824	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22823	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-45960	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22824	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-22826	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-22822	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2022-23852	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22822	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2021-45960	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0361	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-31566	Trust: 0.1
url:	https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0392	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-23177	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23218	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-23177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0318	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44717	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0261	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23308	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41190	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44717	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0359	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0413	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44716	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23218	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-44716	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41772	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0359	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25636	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0413	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0361	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-4028	Trust: 0.1
url:	https://docs.openshift.com/container-platform/4.10/migration_toolkit_for_containers/mtc-release-notes.html	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1734	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0261	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0392	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-4028	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41772	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-41771	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-0778	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-23219	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31566	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-0318	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1053	Trust: 0.1
url:	https://access.redhat.com/articles/2974891	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0951	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23852	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0818	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0815	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0816	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:0817	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:1540	Trust: 0.1

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 166976 // PACKETSTORM: 166453 // PACKETSTORM: 166348 // PACKETSTORM: 166277 // PACKETSTORM: 166276 // PACKETSTORM: 166275 // PACKETSTORM: 166274 // PACKETSTORM: 166845

SOURCES

db:	VULHUB	id:	VHN-415126
db:	PACKETSTORM	id:	166976
db:	PACKETSTORM	id:	166453
db:	PACKETSTORM	id:	166348
db:	PACKETSTORM	id:	166277
db:	PACKETSTORM	id:	166276
db:	PACKETSTORM	id:	166275
db:	PACKETSTORM	id:	166274
db:	PACKETSTORM	id:	166845
db:	CNNVD	id:	CNNVD-202202-1315
db:	NVD	id:	CVE-2022-25235

LAST UPDATE DATE

2026-03-30T20:12:15.961000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-415126	date:	2022-10-07T00:00:00
db:	CNNVD	id:	CNNVD-202202-1315	date:	2022-11-10T00:00:00
db:	NVD	id:	CVE-2022-25235	date:	2025-05-05T17:18:00.623

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-415126	date:	2022-02-16T00:00:00
db:	PACKETSTORM	id:	166976	date:	2022-05-05T17:35:22
db:	PACKETSTORM	id:	166453	date:	2022-03-25T15:19:32
db:	PACKETSTORM	id:	166348	date:	2022-03-17T15:51:32
db:	PACKETSTORM	id:	166277	date:	2022-03-11T16:37:50
db:	PACKETSTORM	id:	166276	date:	2022-03-11T16:37:42
db:	PACKETSTORM	id:	166275	date:	2022-03-11T16:37:32
db:	PACKETSTORM	id:	166274	date:	2022-03-11T16:37:24
db:	PACKETSTORM	id:	166845	date:	2022-04-27T17:30:31
db:	CNNVD	id:	CNNVD-202202-1315	date:	2022-02-16T00:00:00
db:	NVD	id:	CVE-2022-25235	date:	2022-02-16T01:15:07.607