Rewterz Threat Advisory – Multiple Juniper Junos OS: (Expat Software Component) Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-45960 CVSS:5.5

Expat (aka libexpat) is vulnerable to a denial of service, caused by a realloc misbehavior issue in the storeAtts function in xmlparse.c. By persuading a victim to open specially-crafted XML content, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2021-46143 CVSS:7.8

Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of m_groupSize in doProlog in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22822 CVSS:7.8

Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22823 CVSS:7.8

Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22824 CVSS:7.8

Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22825 CVSS:7.8

Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22826 CVSS:7.8

Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of nextScaffoldPart in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-22827 CVSS:7.8

Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of storeAtts in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23852 CVSS:9.8

Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-23990 CVSS:9.8

Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the doProlog function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2022-25235 CVSS:3.3

libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-25236 CVSS:5.3

libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2022-25313 CVSS:5.5

libexpat is vulnerable to a denial of service, caused by stack exhaustion in build_model. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability using a large nesting depth in the DTD element to cause a denial of service.

CVE-2022-25314 CVSS:7.3

libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the copyString function. By sending an overly-long argument, an attacker could overflow a buffer and execute arbitrary code on the system.

CVE-2022-25315 CVSS:9.8

Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the storeRawNames() function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
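
Most of the entries above share one root cause: a size or count is computed in a fixed-width integer, wraps, and the resulting allocation is smaller than the code that writes into it expects. The following is an added example of that bug class and the check that closes it; it is not libexpat or Junos OS code, and `group_table`, `next_size_unchecked`, `next_size_checked` and `table_grow` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical growable table standing in for a parser buffer whose capacity
 * lives in a 32-bit counter. Names are illustrative, not libexpat's. */
struct group_table {
    uint16_t *entries;   /* element type chosen only to make the size math visible */
    uint32_t  size;      /* capacity in entries */
};

/* Flawed pattern: the doubling wraps modulo 2^32, so a capacity of
 * 0x80000000 "grows" to 0 and the caller allocates far too little. */
static uint32_t next_size_unchecked(uint32_t size)
{
    return (uint32_t)(size * 2u);
}

/* Hardened pattern: refuse the growth before the arithmetic can wrap. */
static int next_size_checked(uint32_t size, uint32_t *out)
{
    if (size > UINT32_MAX / 2u) return -1;   /* doubling would overflow */
    *out = size ? size * 2u : 32u;           /* 32 is an arbitrary starting capacity */
    return 0;
}

/* Grow the table; returns 0 on success, -1 if the entry count or the byte
 * count would overflow or the allocator fails. The table is unchanged on -1. */
static int table_grow(struct group_table *t)
{
    uint32_t new_size;
    if (next_size_checked(t->size, &new_size) != 0) return -1;
    if (new_size > SIZE_MAX / sizeof *t->entries) return -1;  /* count * elem size */
    void *p = realloc(t->entries, (size_t)new_size * sizeof *t->entries);
    if (p == NULL) return -1;                /* old block is still valid */
    t->entries = p;
    t->size = new_size;
    return 0;
}

int main(void)
{
    struct group_table t = {0};
    uint32_t n;
    int ok = table_grow(&t) == 0 && t.size == 32 &&
             next_size_unchecked(0x80000000u) == 0 &&
             next_size_checked(0x80000000u, &n) == -1;
    free(t.entries);
    return ok ? 0 : 1;
}
```
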

Impact

  • Denial of Service
  • Code Execution
  • Gain Access

Indicators Of Compromise

CVE

  • CVE-2021-45960
  • CVE-2021-46143
  • CVE-2022-22822
  • CVE-2022-22823
  • CVE-2022-22824
  • CVE-2022-22825
  • CVE-2022-22826
  • CVE-2022-22827
  • CVE-2022-23852
  • CVE-2022-23990
  • CVE-2022-25235
  • CVE-2022-25236
  • CVE-2022-25313
  • CVE-2022-25314
  • CVE-2022-25315

Affected Vendors

Juniper

Affected Products

  • Expat Expat 2.4.2
  • libexpat libexpat 2.2.0
  • libexpat libexpat 2.2.5
  • libexpat libexpat 2.2.6
  • libexpat libexpat 2.2.4
  • libexpat libexpat 2.2.3
  • libexpat libexpat 2.2.2
  • libexpat libexpat 2.2.1
  • libexpat libexpat 2.2.7
  • libexpat libexpat 2.4.3
  • libexpat libexpat 2.4.4

Remediation

Refer to libexpat GIT Repository for patch, upgrade or suggested workaround information. 
