CVE-2022-22827

一、漏洞信息
 漏洞编号：[CVE-2022-22827](https://nvd.nist.gov/vuln/detail/CVE-2022-22827)
 漏洞归属组件：[firefox](https://gitee.com/src-openeuler/firefox)
 漏洞归属的版本：2.2.10,2.2.6,2.2.9,2.4.1
 CVSS V3.0分值：
  BaseScore：8.8 High
  Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
 漏洞简述：
  storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
 漏洞公开时间：2022-01-10 22:12
 漏洞创建时间：2023-07-24 15:52:22
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2022-22827
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| MISC | https://github.com/libexpat/libexpat/pull/539 |  |
| MLIST | http://www.openwall.com/lists/oss-security/2022/01/17/3 |  |
| CONFIRM | https://www.tenable.com/security/tns-2022-05 |  |
| DEBIAN | https://www.debian.org/security/2022/dsa-5073 |  |
| CONFIRM | https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf |  |
| redhat | https://access.redhat.com/security/cve/CVE-2022-22827 |  |
| redhat_bugzilla | https://github.com/libexpat/libexpat/pull/539 |  |
| ubuntu | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827 |  |
| ubuntu | https://github.com/libexpat/libexpat/pull/539 |  |
| ubuntu | https://nvd.nist.gov/vuln/detail/CVE-2022-22827 |  |
| ubuntu | https://launchpad.net/bugs/cve/CVE-2022-22827 |  |
| ubuntu | https://security-tracker.debian.org/tracker/CVE-2022-22827 |  |
| ubuntu | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003474 |  |
| debian | https://security-tracker.debian.org/tracker/CVE-2022-22827 |  |
| oracle | https://www.oracle.com/security-alerts/linuxbulletinapr2022.html |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  其它
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://github.com/libexpat/libexpat/pull/539 |  | MISC |
|  |  | https://github.com/libexpat/libexpat/pull/539 |  | redhat_bugzilla |
|  |  | https://github.com/libexpat/libexpat/pull/539 |  | ubuntu |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
    攻击者通过本地攻击的方式，利用精心制作的xml文件，攻击过程需要进行交互，触发漏洞的xml文件需要大于2GB的大小，触发函数storeAtts中存在的整数溢出的漏洞。攻击成功主要威胁系统的机密性、可用性。 
 openEuler评分：
  8.8
 Vector：CVSS：3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP1(79.0):受影响
2.openEuler-20.03-LTS-SP3(79.0):受影响
3.openEuler-22.03-LTS(102.11.0):不受影响
4.openEuler-22.03-LTS-SP1(102.11.0):不受影响
5.openEuler-22.03-LTS-SP2(102.11.0):不受影响

修复是否涉及abi变化(是/否)：
  1.openEuler-20.03-LTS-SP1(79.0):否
2.openEuler-20.03-LTS-SP3(79.0):否
3.openEuler-22.03-LTS(102.11.0):否
4.openEuler-22.03-LTS-SP1(102.11.0):否
5.openEuler-22.03-LTS-SP2(102.11.0):否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2023-1465

src-openEuler/firefox
关闭

内容风险标识

评论 (6)

src-openEuler/firefox关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2022-22827

评论 (6)

搜索帮助

src-openEuler/firefox
关闭