CVE-2022-22827: 
Tenable Nessus vulnerability analysis and mitigation

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow vulnerability. This vulnerability was discovered and disclosed in January 2022, affecting multiple versions of the Expat XML parsing library. The issue impacts various systems and software that utilize the Expat library for XML parsing functionality (CVE, Debian Advisory).

The vulnerability exists in the storeAtts function within xmlparse.c file of the Expat library. It is specifically related to integer overflow conditions that occur near memory allocation operations. The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could lead to denial of service conditions or potentially allow for arbitrary code execution when processing malformed XML files. The high severity rating indicates significant potential impact on the confidentiality, integrity, and availability of affected systems (Debian Advisory, Tenable Advisory).

The vulnerability has been fixed in Expat version 2.4.3 and later releases. Users and organizations are advised to upgrade to the patched version. Multiple vendors have released security updates to address this vulnerability, including Debian (version 2.2.10-2+deb11u1 for bullseye) and other distributions (Debian Advisory, Gentoo Advisory).