CVE-2022-23852
CRITICALExpat <2.4.4 - Buffer Overflow
Title source: llmDescription
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Exploits (1)
nomisec
WRITEUP
by Satheesh575555 · poc
https://github.com/Satheesh575555/external_expat_AOSP10_r33_CVE-2022-23852
References (8)
Scores
CVSS v3
9.8
EPSS
0.0171
EPSS Percentile
82.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-190
Status
published
Products (7)
debian/debian_linux
9.0
libexpat_project/libexpat
< 2.4.4
netapp/clustered_data_ontap
netapp/oncommand_workflow_automation
oracle/communications_metasolv_solution
6.3.1
siemens/sinema_remote_connect_server
< 3.1
tenable/nessus
< 8.15.3
Published
Jan 24, 2022
Tracked Since
Feb 18, 2026