You are here
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c
Submitted on 14. October 2022 - 17:46 by rischi.
Last update on 18. October 2022 - 9:58.
Last update on 18. October 2022 - 9:58.
IDs:
CVE-2022-40674
Keywords:
mod_dav, libexpat, xml
Description:
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Airlock Gateway is not affected.
Details:
libexpat is an XML parser. The parser is used exclusively by mod_dav in Apache HTTP Server. The library is installed on Airlock Gateway because it is a hard dependency of Apache HTTP Server. Since mod_dav is not used in Airlock Gateway the vulnerability can not be exploited.
Resolution:
No action required.
Airlock Vulnerability Status:
Does not affect Airlock
Back-end Vulnerability Status:
Does not affect back-end behind Airlock