OPENSUSE-SU-2022:0713-1
Advisory lineage Upstream: 5 Downstream: 0
Published: 04 Mar 2022, 08:34
Last modified: 04 Feb 2026, 03:02
Vulnerability Summary
- Overall Risk (default): minimal, 0/100
- CVSS Score: No data
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 04 Mar 2022, 08:34: Published (vulnerability first disclosed)
- 04 Feb 2026, 03:02: Last Modified (vulnerability information updated)
Description
Security update for expat

This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
Affected Systems
- opensuse expat (distro: openSUSE Leap 15.3), versions < 2.2.5-3.15.1
References (11)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6H3EOIG3ASUYP7RIHFPOJG3PFJYN54WT/
- https://bugzilla.suse.com/1196025
- https://bugzilla.suse.com/1196026
- https://bugzilla.suse.com/1196168
- https://bugzilla.suse.com/1196169
- https://bugzilla.suse.com/1196171
- https://www.suse.com/security/cve/CVE-2022-25235
- https://www.suse.com/security/cve/CVE-2022-25236
- https://www.suse.com/security/cve/CVE-2022-25313
- https://www.suse.com/security/cve/CVE-2022-25314
- https://www.suse.com/security/cve/CVE-2022-25315