purl | pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1 |
Next non-vulnerable version | 2.5.0-1+deb12u2 |
Latest non-vulnerable version | 2.7.1-1 |
Risk | 3.4 |

Vulnerability | Summary | Fixed by |
---|---|---|
VCID-6y74-4uqv-dka3 (Aliases: CVE-2024-50602) | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
VCID-a7ry-4dn3-aaan (Aliases: CVE-2023-52426) | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
VCID-bmun-mv6e-aaar (Aliases: CVE-2023-52425) | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
VCID-mr2r-p1cb-aaam (Aliases: CVE-2024-28757) | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
VCID-xbh1-6d4r-cbfa (Aliases: CVE-2024-8176) | libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat | Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |

Vulnerability | Summary | Aliases |
---|---|---|
VCID-6y74-4uqv-dka3 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | CVE-2024-50602 |
VCID-8e29-n224-fqdm | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | CVE-2024-45492 |
VCID-a7ry-4dn3-aaan | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | CVE-2023-52426 |
VCID-bmun-mv6e-aaar | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | CVE-2023-52425 |
VCID-k2w7-g7cv-2bhs | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | CVE-2024-45490 |
VCID-m3u3-h1z5-aaam | expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | CVE-2013-0340 |
VCID-mr2r-p1cb-aaam | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | CVE-2024-28757 |
VCID-s2ze-avjx-q7av | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | CVE-2024-45491 |