CVE-2022-43680 - Use After Free vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Summary

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Vulnerable Configurations

Part          Description        Count
Application   Libexpat_Project   34
Application   Netapp             3
OS            Debian             2
OS            Fedoraproject      3
OS            Netapp             6
Hardware      Netapp             6

Common Weakness Enumeration (CWE)