CVE-2022-23990

7.5 HIGH

📋 TL;DR

CVE-2022-23990 is an integer overflow vulnerability in the Expat (libexpat) XML parser library that can lead to denial of service or arbitrary code execution. Any application that uses a vulnerable version of libexpat for XML parsing is affected, particularly web servers, embedded systems, and XML processing tools.

💻 Affected Systems

Products:
  • Expat (libexpat)
  • Applications using libexpat for XML parsing
Versions: All versions before 2.4.4
Operating Systems: Linux, Unix-like systems, Embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable libexpat versions is affected regardless of configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise

🟠 Likely Case: Denial of service through application crash

🟢 If Mitigated: Limited impact with proper input validation and sandboxing

🌐 Internet-Facing: HIGH - XML parsing is common in web services and can be triggered remotely
🏢 Internal Only: MEDIUM - Internal XML processing tools could be exploited

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires specially crafted XML input to trigger the integer overflow

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.4 and later

Vendor Advisory: https://github.com/libexpat/libexpat/pull/551

Restart Required: Yes

Instructions:

1. Update libexpat to version 2.4.4 or later
2. Recompile applications using libexpat
3. Restart affected services

🔧 Temporary Workarounds

Input validation (all platforms): Validate and sanitize XML input before processing

Memory limits (Linux): Set memory limits on XML parsing processes, e.g. ulimit -v [LIMIT]

🧯 If You Can't Patch

  • Isolate XML processing services in containers or VMs
  • Implement network segmentation to limit exposure

🔍 How to Verify

Check if Vulnerable:

Check the libexpat version with expat --version, or run ldd on the binary to identify the linked libexpat library and check its version

Check Version:

expat --version | grep -i expat || strings /usr/lib/libexpat.so | grep -i expat

Verify Fix Applied:

Verify libexpat version is 2.4.4 or higher

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during XML parsing
  • Memory allocation failures

Network Indicators:

  • Unusual XML payloads with large element counts

SIEM Query:

search 'XML parsing error' OR 'libexpat crash' OR 'segmentation fault' during XML processing
