{"schema_version":"1.7.2","id":"OESA-2024-1815","modified":"2024-07-05T11:08:27Z","published":"2024-07-05T11:08:27Z","upstream":["CVE-2021-45960","CVE-2022-25235"],"summary":"mozjs78 security update","details":"Security Fix(es):\r\n\r\nIn Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).(CVE-2021-45960)\r\n\r\nxmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.(CVE-2022-25235)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"mozjs78","purl":"pkg:rpm/openEuler/mozjs78\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.4.0-9.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["mozjs78-78.4.0-9.oe2003sp4.aarch64.rpm","mozjs78-debuginfo-78.4.0-9.oe2003sp4.aarch64.rpm","mozjs78-debugsource-78.4.0-9.oe2003sp4.aarch64.rpm","mozjs78-devel-78.4.0-9.oe2003sp4.aarch64.rpm"],"noarch":["mozjs78-help-78.4.0-9.oe2003sp4.noarch.rpm"],"src":["mozjs78-78.4.0-9.oe2003sp4.src.rpm"],"x86_64":["mozjs78-78.4.0-9.oe2003sp4.x86_64.rpm","mozjs78-debuginfo-78.4.0-9.oe2003sp4.x86_64.rpm","mozjs78-debugsource-78.4.0-9.oe2003sp4.x86_64.rpm","mozjs78-devel-78.4.0-9.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1815"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45960"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25235"}],"database_specific":{"severity":"Critical"}}