CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
apache2	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
apr-util	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
ayttm	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
cableswig	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
cadaver	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
cmake	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored end of standard support
coin3	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation
expat	24.10 oracular	Fixed 2.5.0-1
	24.04 LTS noble	Fixed 2.5.0-1
	23.10 mantic	Fixed 2.5.0-1
	23.04 lunar	Fixed 2.5.0-1
	22.10 kinetic	Fixed 2.4.8-2ubuntu0.22.10.1
	22.04 LTS jammy	Fixed 2.4.7-1ubuntu0.2
	20.04 LTS focal	Fixed 2.2.9-1ubuntu0.6
	18.04 LTS bionic	Fixed 2.2.5-3ubuntu0.8
	16.04 LTS xenial	Fixed 2.1.0-7ubuntu0.16.04.5+esm7 Ubuntu Pro
	14.04 LTS trusty	Fixed 2.1.0-4ubuntu1.4+esm7 Ubuntu Pro
firefox	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Ignored bundled deps handled by upstream in new versions
	18.04 LTS bionic	Ignored end of standard support, was needs-triage
	16.04 LTS xenial	Ignored end of standard support
	14.04 LTS trusty	Ignored end of standard support
gdcm	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Not affected
ghostscript	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored end of standard support
insighttoolkit	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
insighttoolkit4	24.10 oracular	Not in release
	24.04 LTS noble	Not in release
	23.10 mantic	Not in release
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
libxmltok	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
matanza	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
smart	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored end of standard support
swish-e	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
tdom	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
texlive-bin	24.10 oracular	Not affected
	24.04 LTS noble	Not affected
	23.10 mantic	Not affected
	23.04 lunar	Not affected
	22.10 kinetic	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected
	14.04 LTS trusty	Ignored end of standard support
thunderbird	24.10 oracular	Ignored bundled deps handled by upstream in new versions
	24.04 LTS noble	Ignored bundled deps handled by upstream in new versions
	23.10 mantic	Ignored end of life, was ignored [bundled deps handled by upstream in new versions]
	23.04 lunar	Ignored end of life, was ignored [bundled deps handled by upstream in new versions]
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Ignored bundled deps handled by upstream in new versions
	20.04 LTS focal	Ignored bundled deps handled by upstream in new versions
	18.04 LTS bionic	Ignored end of standard support, was needs-triage
	16.04 LTS xenial	Ignored end of standard support
	14.04 LTS trusty	Ignored end of standard support
vnc4	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation
vtk	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not in release
	18.04 LTS bionic	Not in release
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation
wbxml2	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Ignored end of standard support
xmlrpc-c	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	23.10 mantic	Ignored end of life, was needs-triage
	23.04 lunar	Ignored end of life, was needs-triage
	22.10 kinetic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation

Get expanded security coverage with Ubuntu Pro

Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.

Get Ubuntu Pro

Notes

sbeattie

paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!)

mdeslaur

apache2 uses system expat apr-util uses system expat cmake uses system expat ghostscript uses system expat

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
expat	Upstream: 56967f8

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Related Ubuntu Security Notices (USN)

USN-5638-2
Expat vulnerabilities
17 November 2022

USN-5638-3
Expat vulnerability
23 November 2022

USN-5638-4
Expat vulnerabilities
28 February 2023