Changes: Document CVE-2022-22822 to CVE-2022-22827

2025-04-15 00:38:15 +00:00 · 2022-01-07 23:51:14 +01:00 · 2022-01-07 23:51:14 +01:00 · 8e9f6ea08c
commit 8e9f6ea08c
parent 9f93e8036e
1 changed files with 10 additions and 0 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -20,6 +20,16 @@ Release x.x.x xxx xxxxxxxx xx xxxx
                    on variable m_groupSize in function doProlog leading
                    to realloc acting as free.
                    Impact is denial of service or more.
+            #539  CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
+                    near memory allocation at multiple places.  Mitre assigned
+                    a dedicated CVE for each involved internal C function:
+                    - CVE-2022-22822 for function addBinding
+                    - CVE-2022-22823 for function build_model
+                    - CVE-2022-22824 for function defineAttribute
+                    - CVE-2022-22825 for function lookup
+                    - CVE-2022-22826 for function nextScaffoldPart
+                    - CVE-2022-22827 for function storeAtts
+                    Impact is denial of service or more.

        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19