Rewterz Threat Advisory – Multiple Palo Alto Networks Vulnerabilities
April 14, 2023Rewterz Threat Alert – Shuckworm APT Group aka Armageddon – Active IOCs
April 14, 2023Rewterz Threat Advisory – Multiple Palo Alto Networks Vulnerabilities
April 14, 2023Rewterz Threat Alert – Shuckworm APT Group aka Armageddon – Active IOCs
April 14, 2023Severity
High
Analysis Summary
CVE-2021-45960 CVSS:5.5
Expat (aka libexpat) is vulnerable to a denial of service, caused by a realloc misbehavior issue in the storeAtts function in xmlparse.c. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a the application to crash.
CVE-2021-46143 CVSS:7.8
Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of m_groupSize in doProlog in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22822 CVSS:7.8
Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22823 CVSS:7.8
Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22824 CVSS:7.8
Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22825 CVSS:7.8
Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22826 CVSS:7.8
Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of nextScaffoldPart in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-22827 CVSS:7.8
Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of storeAtts in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23852 CVSS:9.8
Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-23990 CVSS:9.8
Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2022-25235 CVSS:3.3
libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open a specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-25236 CVSS:5.3
libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2022-25313 CVSS:5.5
libexpat is vulnerable to a denial of service, caused by stack exhaustion in build_model. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability using a large nesting depth in the DTD element to cause a denial of service.
CVE-2022-25314 CVSS:7.3
libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the copyString function. By sending an overly-long argument, an attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2022-25315 CVSS:9.8
Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the storeRawNames() function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
Impact
- Denial of Service
- Code Execution
- Gain Access
Indicators Of Compromise
CVE
- CVE-2021-45960
- CVE-2021-46143
- CVE-2022-22822
- CVE-2022-22823
- CVE-2022-22824
- CVE-2022-22825
- CVE-2022-22826
- CVE-2022-22827
- CVE-2022-23852
- CVE-2022-23990
- CVE-2022-25235
- CVE-2022-25236
- CVE-2022-25313
- CVE-2022-25314
- CVE-2022-25315
Affected Vendors
Juniper
Affected Products
- Expat Expat 2.4.2
- libexpat libexpat 2.2.0
- libexpat libexpat 2.2.5
- libexpat libexpat 2.2.6
- libexpat libexpat 2.2.4
- libexpat libexpat 2.2.3
- libexpat libexpat 2.2.2
- libexpat libexpat 2.2.1
- libexpat libexpat 2.2.7
- libexpat libexpat 2.4.3
- libexpat libexpat 2.4.4
Remediation
Refer to libexpat GIT Repository for patch, upgrade or suggested workaround information.