CVE-2022-40674 use-after-free in expat (used by wxXml)
63 views
Skip to first unread message
Kenneth Porter
Oct 6, 2022, 2:31:37 PM10/6/22
to wxWidgets Development
Heads-up for wxXml users:
<https://nvd.nist.gov/vuln/detail/CVE-2022-40674>
"libexpat before 2.4.9 has a use-after-free in the doContent function in
xmlparse.c."
Note that wxWidgets 3.2.0 was released with expat 2.4.8.
<https://nvd.nist.gov/vuln/detail/CVE-2022-40674>
"libexpat before 2.4.9 has a use-after-free in the doContent function in
xmlparse.c."
Note that wxWidgets 3.2.0 was released with expat 2.4.8.
Vadim Zeitlin
Oct 6, 2022, 8:17:59 PM10/6/22
to wxWidgets Development
On Thu, 06 Oct 2022 11:31:07 -0700 Kenneth Porter wrote:
KP> Heads-up for wxXml users:
KP>
KP> <https://nvd.nist.gov/vuln/detail/CVE-2022-40674>
KP>
KP> "libexpat before 2.4.9 has a use-after-free in the doContent function in
KP> xmlparse.c."
KP>
KP> Note that wxWidgets 3.2.0 was released with expat 2.4.8.
Thanks, I'm not sure what to make of "Undergoing Reanalysis" on the page
above, but it looks like it wouldn't hurt to apply the fix for this problem
in the upstream repository, so I've cherry-picked
https://github.com/libexpat/libexpat/pull/629/commits/4a32da87e931ba54393d465bb77c40b5c33d343b
to master and will also do it for 3.2.
Regards,
VZ
KP> Heads-up for wxXml users:
KP>
KP> <https://nvd.nist.gov/vuln/detail/CVE-2022-40674>
KP>
KP> "libexpat before 2.4.9 has a use-after-free in the doContent function in
KP> xmlparse.c."
KP>
KP> Note that wxWidgets 3.2.0 was released with expat 2.4.8.
Thanks, I'm not sure what to make of "Undergoing Reanalysis" on the page
above, but it looks like it wouldn't hurt to apply the fix for this problem
in the upstream repository, so I've cherry-picked
https://github.com/libexpat/libexpat/pull/629/commits/4a32da87e931ba54393d465bb77c40b5c33d343b
to master and will also do it for 3.2.
Regards,
VZ
Reply all
Reply to author
Forward
0 new messages