[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2022-0031":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":30,"duplicates":31,"related":32,"reserved_at":9,"published_at":41,"modified_at":42,"state":9,"summary":43,"references_raw":45,"kevs":66,"epss":9,"epss_history":67,"metrics":68,"affected":69},"MGASA-2022-0031","Updated expat packages fix security vulnerability\n\nIn Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places\nin the storeAtts function in xmlparse.c can lead to realloc misbehavior\n(e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)\n\nIn doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer\noverflow exists for m_groupSize. (CVE-2021-46143)\n\naddBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22822)\n\nbuild_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22823)\n\ndefineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22824)\n\nlookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer\noverflow. (CVE-2022-22825)\n\nnextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22826)\n\nstoreAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an\ninteger overflow. (CVE-2022-22827)\n",null,[],[],[],[14,16,18,20,22,24,26,28],{"_key":15},"CVE-2021-45960",{"_key":17},"CVE-2021-46143",{"_key":19},"CVE-2022-22822",{"_key":21},"CVE-2022-22823",{"_key":23},"CVE-2022-22824",{"_key":25},"CVE-2022-22825",{"_key":27},"CVE-2022-22826",{"_key":29},"CVE-2022-22827",[],[],[33,34,35,36,37,38,39,40],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},"2022-01-25T12:13:11Z","2026-04-16T04:24:08.427499Z",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[46,52,57,62],{"url":47,"sources":48,"tags":50},"https://advisories.mageia.org/MGASA-2022-0031.html",[49],"osv_mageia",[51],"Advisory",{"url":53,"sources":54,"tags":55},"https://bugs.mageia.org/show_bug.cgi?id=29902",[49],[56],"REPORT",{"url":58,"sources":59,"tags":60},"https://blog.hartwork.org/posts/expat-2-4-3-released/",[49],[56,61],"WEB",{"url":63,"sources":64,"tags":65},"https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes",[49],[56,61],[],[],[],[70],{"ecosystem":71,"name":72,"vendor":73,"product":72,"cpe_part":9,"purl_type":74,"purl_namespace":73,"purl_name":72,"source":9,"versions":75},"Mageia","expat","mageia","rpm",[76],{"version":77,"is_range":78,"range_type":79,"version_start":9,"version_start_type":9,"version_end":80,"version_end_type":81,"fixed_in":9},"lt2_2_10_1_1_mga8",true,"ecosystem","2.2.10-1.1.mga8","excluding"]