{
  "threat_severity" : "Important",
  "public_date" : "2022-02-19T00:00:00Z",
  "bugzilla" : {
    "description" : "expat: Namespace-separator characters in \"xmlns[:prefix]\" attribute values can lead to arbitrary code execution",
    "id" : "2056370",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2056370"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-179",
  "details" : [ "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.", "A flaw was found in expat. Passing one or more namespace-separator characters in the \"xmlns[:prefix]\" attribute values causes expat to send malformed tag names to the XML processor built on top of expat. This issue can lead to arbitrary code execution, depending on how unexpected cases are handled inside the XML processor." ],
  "statement" : "This flaw affects applications that use expat to parse untrusted XML files. Applications that only parse trusted XML files, or that do not process XML files at all, are not affected by this flaw.\nThe xmlrpc-c component as shipped with Red Hat Enterprise Linux 8 is not affected by this issue, because the issue could not be reproduced in this version.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support",
    "release_date" : "2022-04-12T00:00:00Z",
    "advisory" : "RHSA-2022:1309",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "expat-0:2.0.1-14.el6_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0824",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "firefox-0:91.7.0-3.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-03-14T00:00:00Z",
    "advisory" : "RHSA-2022:0850",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "thunderbird-0:91.7.0-2.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-03-28T00:00:00Z",
    "advisory" : "RHSA-2022:1069",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "expat-0:2.1.0-14.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0818",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "firefox-0:91.7.0-3.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-14T00:00:00Z",
    "advisory" : "RHSA-2022:0845",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "thunderbird-0:91.7.0-2.el8_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7811",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::crb",
    "package" : "mingw-expat-0:2.4.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-16T00:00:00Z",
    "advisory" : "RHSA-2022:0951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "expat-0:2.2.5-4.el8_5.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0815",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.1",
    "package" : "firefox-0:91.7.0-3.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-03-14T00:00:00Z",
    "advisory" : "RHSA-2022:0847",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.1",
    "package" : "thunderbird-0:91.7.0-2.el8_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-03-28T00:00:00Z",
    "advisory" : "RHSA-2022:1068",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.1",
    "package" : "expat-0:2.2.5-3.el8_1.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0816",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "firefox-0:91.7.0-3.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-03-14T00:00:00Z",
    "advisory" : "RHSA-2022:0843",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "thunderbird-0:91.7.0-2.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-03-28T00:00:00Z",
    "advisory" : "RHSA-2022:1070",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.2",
    "package" : "expat-0:2.2.5-3.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-03-10T00:00:00Z",
    "advisory" : "RHSA-2022:0817",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4",
    "package" : "firefox-0:91.7.0-3.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-03-14T00:00:00Z",
    "advisory" : "RHSA-2022:0853",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4",
    "package" : "thunderbird-0:91.7.0-2.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-03-22T00:00:00Z",
    "advisory" : "RHSA-2022:1012",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "expat-0:2.2.5-4.el8_4.2"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2022-04-07T00:00:00Z",
    "advisory" : "RHSA-2022:1263",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-virtualization-host-0:4.3.22-20220330.1.el7_9"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2022-03-24T00:00:00Z",
    "advisory" : "RHSA-2022:1053",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.4.10-202203211649_8.5"
  }, {
    "product_name" : "Text-Only JBCS",
    "release_date" : "2022-10-26T00:00:00Z",
    "advisory" : "RHSA-2022:7144",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1",
    "package" : "expat"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "firefox:flatpak/firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "thunderbird:flatpak/thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "xmlrpc-c",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "xmlrpc-c",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-25236\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25236\nhttps://blog.hartwork.org/posts/expat-2-4-5-released/" ],
  "name" : "CVE-2022-25236",
  "mitigation" : {
    "value" : "There is no known mitigation other than preventing applications that use the expat library from processing untrusted XML content. Please update the affected packages as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}