CVE-2022-22822: 
Tenable Nessus vulnerability analysis and mitigation

CVE-2022-22822 affects the addBinding function in xmlparse.c in Expat (aka libexpat) versions before 2.4.3. The vulnerability was discovered in January 2022 and involves an integer overflow vulnerability that could lead to security issues (NVD, Expat Blog).

The vulnerability is an integer overflow condition in the addBinding function within xmlparse.c of the Expat XML parsing library. The issue has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a critical severity level with potential for high impact on confidentiality, integrity, and availability (NVD).

The integer overflow vulnerability could result in denial of service or potentially lead to arbitrary code execution when processing malformed XML files. The high CVSS score indicates severe potential impact on affected systems (Debian Security, Gentoo Security).

The vulnerability has been fixed in Expat version 2.4.3. Users and organizations are strongly advised to upgrade to this version or later. The fix was implemented through a patch that prevents integer overflows in the affected function (GitHub PR, Debian Security).

Multiple vendors and distributions responded to this vulnerability by releasing security advisories and patches, including Debian, Gentoo, and Tenable. The vulnerability was part of a larger security update that addressed multiple integer overflow issues in Expat (Tenable Advisory, Gentoo Security).