{
  "threat_severity" : "Moderate",
  "public_date" : "2022-02-19T00:00:00Z",
  "bugzilla" : {
    "description" : "expat: Stack exhaustion in doctype parsing",
    "id" : "2056350",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2056350"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-776",
  "details" : [ "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.", "A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service." ],
  "statement" : "This flaw affects applications that leverage expat to parse untrusted XML files. Applications which only parse trusted XML files or do not process XML files at all are not affected by this flaw.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7811",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::crb",
    "package" : "mingw-expat-0:2.4.8-1.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-06-30T00:00:00Z",
    "advisory" : "RHSA-2022:5314",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "expat-0:2.2.5-8.el8_6.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2025-12-09T00:00:00Z",
    "advisory" : "RHSA-2025:22871",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "expat-0:2.2.10-1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22785",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "expat-0:2.2.10-1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2025-12-04T00:00:00Z",
    "advisory" : "RHSA-2025:22785",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "expat-0:2.2.10-1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-07-01T00:00:00Z",
    "advisory" : "RHSA-2022:5244",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "expat-0:2.2.10-12.el9_0.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-07-01T00:00:00Z",
    "advisory" : "RHSA-2022:5244",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "expat-0:2.2.10-12.el9_0.2"
  }, {
    "product_name" : "Text-Only JBCS",
    "release_date" : "2022-10-26T00:00:00Z",
    "advisory" : "RHSA-2022:7144",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1",
    "package" : "expat"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "firefox:flatpak/firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "thunderbird:flatpak/thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "xmlrpc-c",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "thunderbird",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "xmlrpc-c",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-25313\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-25313\nhttps://blog.hartwork.org/posts/expat-2-4-5-released/" ],
  "name" : "CVE-2022-25313",
  "mitigation" : {
    "value" : "There is no known mitigation other than restricting applications using the expat library from processing untrusted XML content.",
    "lang" : "en:us"
  },
  "csaw" : false
}