author: Sebastian Pipping <sebastian@pipping.org> 2022-01-07 23:51:14 +0100
committer: Sebastian Pipping <sebastian@pipping.org> 2022-01-12 17:01:55 +0100
commit: 8e9f6ea08c0fdded06efcc4c124872bb4c82c89e (patch)
tree: 1a09e20612cef979877ca0e15df9ac796d56f54b
parent: 9f93e8036e842329863bf20395b8fb8f73834d9e (diff)
Changes: Document CVE-2022-22822 to CVE-2022-22827
prevent-more-integer-overflows
-rw-r--r-- expat/Changes 10
1 files changed, 10 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes
index 98d4f53c..d035bad6 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -20,6 +20,16 @@ Release x.x.x xxx xxxxxxxx xx xxxx
on variable m_groupSize in function doProlog leading
to realloc acting as free.
Impact is denial of service or more.
+ #539 CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
+ near memory allocation at multiple places. Mitre assigned
+ a dedicated CVE for each involved internal C function:
+ - CVE-2022-22822 for function addBinding
+ - CVE-2022-22823 for function build_model
+ - CVE-2022-22824 for function defineAttribute
+ - CVE-2022-22825 for function lookup
+ - CVE-2022-22826 for function nextScaffoldPart
+ - CVE-2022-22827 for function storeAtts
+ Impact is denial of service or more.
Other changes:
#535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19
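Review bot: the new #539 entry says only "Prevent integer overflows near memory allocation at multiple places" and never states what the overflowed value leads to. The entry directly above it names the variable (m_groupSize) and the consequence ("leading to realloc acting as free"). If the consequence is the same for all six functions, one clause in that style would let readers triaging CVE-2022-22822 to CVE-2022-22827 judge what "denial of service or more" means here. The list also gives bare function names, and lookup in particular is generic enough that naming the source file once would help readers find the fixes. Minor style point: "Mitre" is normally written "MITRE".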