Total
37 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-45490 | 1 Libexpat Project | 1 Libexpat | 2024-10-18 | N/A | 7.5 HIGH |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | |||||
CVE-2024-45492 | 1 Libexpat Project | 1 Libexpat | 2024-09-04 | N/A | 9.8 CRITICAL |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |||||
CVE-2024-45491 | 1 Libexpat Project | 1 Libexpat | 2024-09-04 | N/A | 9.8 CRITICAL |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |||||
CVE-2023-52425 | 1 Libexpat Project | 1 Libexpat | 2024-08-26 | N/A | 7.5 HIGH |
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | |||||
CVE-2023-52426 | 1 Libexpat Project | 1 Libexpat | 2024-03-07 | N/A | 5.5 MEDIUM |
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | |||||
CVE-2022-43680 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 18 Debian Linux, Fedora, Libexpat and 15 more | 2024-02-28 | N/A | 7.5 HIGH |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | |||||
CVE-2022-40674 | 3 Debian, Fedoraproject, Libexpat Project | 3 Debian Linux, Fedora, Libexpat | 2024-02-28 | N/A | 8.1 HIGH |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | |||||
CVE-2022-25235 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | |||||
CVE-2022-25313 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | |||||
CVE-2022-25236 | 4 Debian, Libexpat Project, Oracle and 1 more | 5 Debian Linux, Libexpat, Http Server and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | |||||
CVE-2022-25315 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | |||||
CVE-2022-25314 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | |||||
CVE-2022-22822 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2021-46143 | 4 Libexpat Project, Netapp, Siemens and 1 more | 8 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 5 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | |||||
CVE-2021-45960 | 5 Debian, Libexpat Project, Netapp and 2 more | 8 Debian Linux, Libexpat, Active Iq Unified Manager and 5 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | |||||
CVE-2022-23852 | 6 Debian, Libexpat Project, Netapp and 3 more | 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | |||||
CVE-2022-22827 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-22823 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-22825 | 4 Debian, Libexpat Project, Siemens and 1 more | 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |||||
CVE-2022-23990 | 6 Debian, Fedoraproject, Libexpat Project and 3 more | 6 Debian Linux, Fedora, Libexpat and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |