OpenWrt 22.03 expat - CVE-2022-43680/CVE-2022-40674

Peter Naulls peter at chocky.org
Tue Nov 8 11:26:39 PST 2022


The 2.4.9 version of expat in OpenWrt 22.03 contains the following CVEs:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43680
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674

Suggest either update to 2.5.0 (as per master) or application of the upstream 
patches, etc:

https://github.com/libexpat/libexpat/pull/616
https://github.com/libexpat/libexpat/pull/650







More information about the openwrt-devel mailing list