author Sebastian Pipping <sebastian@pipping.org> 2022-02-08 17:18:00 +0100
committer Sebastian Pipping <sebastian@pipping.org> 2022-02-18 18:04:27 +0100
commit c16300f0bc4318f31f9e27eb2702ddbffe086fea
tree 6e699421a26247924bf6c250486bc83917e78e08
parent 6a5510bc6b7efe743356296724e0b38300f05379
Changes: Document CVE-2022-25235
-rw-r--r-- expat/Changes 7
1 files changed, 7 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes
index 6198e4ff..2a898778 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -4,6 +4,13 @@ NOTE: We are looking for help with a few things:
Release X.X.X XXX XXXXXXX XX XXXX
Security fixes:
+ #562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
+ sequences (e.g. from start tag names) to the XML
+ processing application on top of Expat can cause
+ arbitrary damage (e.g. code execution) depending
+ on how invalid UTF-8 is handled inside the XML
+ processor; validation was not their job but Expat's.
+ Exploits with code execution are known to exist.
#561 CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
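Review bot: In the added #562 entry, "validation was not their job but Expat's" has no plural antecedent, because the text before it speaks of "the XML processing application" and "the XML processor" in the singular; "validation was not its job but Expat's" would read unambiguously. The entry also states the impact but not what Expat now does with malformed 2- and 3-byte UTF-8 sequences, so a short clause saying what changed would let readers of Changes judge whether upgrading alone closes the issue for their application.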