Search for vulnerabilities
Vulnerability details: VCID-a7ry-4dn3-aaan
Vulnerability ID VCID-a7ry-4dn3-aaan
Aliases CVE-2023-52426
Summary libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52426.json
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00019 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
epss 0.00128 https://api.first.org/data/v1/epss?cve=CVE-2023-52426
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-52426
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-52426
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52426.json
https://api.first.org/data/v1/epss?cve=CVE-2023-52426
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52426
https://cwe.mitre.org/data/definitions/776.html
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
https://github.com/libexpat/libexpat/pull/777
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/
https://security.netapp.com/advisory/ntap-20240307-0005/
1063240 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063240
2262879 https://bugzilla.redhat.com/show_bug.cgi?id=2262879
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
CVE-2023-52426 https://nvd.nist.gov/vuln/detail/CVE-2023-52426
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52426.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-52426
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-52426
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.03332
EPSS Score 0.00019
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-02-05T08:02:12.531347+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.0rc2