It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-52425, CVE-2024-28757)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchexpat< 2.6.2-1expat-2.6.2-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	expat	< 2.6.2-1	expat-2.6.2-1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32970

ubuntu.com/security/notices/USN-6694-1

openvas 43

osv 17

ubuntu 1

nessus 59

redhat 11

cloudfoundry 1

almalinux 3

oraclelinux 3

vulnrichment 2

ubuntucve 2

fedora 11

cbl_mariner 4

slackware 2

githubexploit 3

nvd 2

f5 2

ibm 13

cvelist 2

aix 1

alpinelinux 2

redos 2

veracode 2

debiancve 2

redhatcve 2

cve 2

prion 1

rocky 1

debian 1

photon 2

openvas

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1881)

2024-07-16 00:00:00

SUSE: Security Advisory (SUSE-SU-2024:1129-1)

2024-05-07 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-2116)

2024-08-20 00:00:00

osv

expat vulnerabilities

2024-03-14 10:19:40

Moderate: expat security update

2024-03-26 00:00:00

expat-2.6.2-1.1 on GA media

2024-06-15 00:00:00

ubuntu

Expat vulnerabilities

2024-03-14 00:00:00

nessus

Ubuntu 22.04 LTS / 23.10 : Expat vulnerabilities (USN-6694-1)

2024-03-14 00:00:00

EulerOS 2.0 SP10 : expat (EulerOS-SA-2024-1905)

2024-07-15 00:00:00

EulerOS 2.0 SP10 : expat (EulerOS-SA-2024-1881)

2024-07-15 00:00:00

redhat

(RHSA-2024:3926) Moderate: expat security update

2024-06-13 14:14:44

(RHSA-2024:1530) Moderate: expat security update

2024-03-26 16:30:26

(RHSA-2024:4150) Moderate: OpenShift Container Platform 4.15.20 security update

2024-07-02 16:38:16

cloudfoundry

USN-6694-1: Expat vulnerabilities | Cloud Foundry

2024-04-04 00:00:00

almalinux

Moderate: expat security update

2024-03-26 00:00:00

Moderate: expat security update

2024-04-02 00:00:00

Moderate: xmlrpc-c security and bug fix update

2024-07-02 00:00:00

oraclelinux

expat security update

2024-03-26 00:00:00

xmlrpc-c security and bug fix update

2024-07-02 00:00:00

expat security update

2024-04-03 00:00:00

vulnrichment

CVE-2024-28757

2024-03-10 00:00:00

CVE-2023-52425

2024-02-04 00:00:00

ubuntucve

CVE-2024-28757

2024-03-10 00:00:00

CVE-2023-52425

2024-02-04 00:00:00

fedora

[SECURITY] Fedora 40 Update: mingw-expat-2.6.1-1.fc40

2024-03-23 00:50:46

[SECURITY] Fedora 38 Update: mingw-expat-2.6.1-1.fc38

2024-03-19 02:00:28

[SECURITY] Fedora 39 Update: mingw-expat-2.6.1-1.fc39

2024-03-19 01:10:52

cbl_mariner

CVE-2024-28757 affecting package expat for versions less than 2.6.2-1

2024-06-21 09:32:44

CVE-2024-28757 affecting package expat for versions less than 2.6.2-2

2024-04-09 20:48:36

CVE-2023-52425 affecting package expat for versions less than 2.6.2-1

2024-06-21 09:32:44

slackware

[slackware-security] expat

2024-03-13 19:51:59

[slackware-security] expat

2024-02-07 20:13:19

githubexploit

Exploit for CVE-2024-28757

2024-05-03 04:58:24

Exploit for CVE-2024-28757

2024-05-03 09:21:27

Exploit for CVE-2024-28757

2024-05-03 09:24:51

nvd

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

K000139637: Expat vulnerability CVE-2024-28757

2024-05-16 00:00:00

K000139630: Expat vulnerability CVE-2023-52425

2024-05-16 00:00:00

ibm

Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)

2024-06-13 22:04:57

Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

2024-06-11 17:31:41

Security Bulletin: Denial of Service vulnerability in IBM HTTP Server used by WebSphere Application Server affects IBM Business Automation Workflow (CVE-2023-52425)

2024-03-27 15:46:43

cvelist

CVE-2024-28757

2024-03-10 00:00:00

CVE-2023-52425

2024-02-04 00:00:00

aix

AIX is affected by information disclosure due to Python (CVE-2024-28757)

2024-06-13 15:37:38

alpinelinux

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

redos

ROS-20240506-01

2024-05-06 00:00:00

ROS-20240820-04

2024-08-20 00:00:00

veracode

XML Entity Expansion

2024-03-11 07:18:06

Denial Of Service

2024-02-11 08:46:00

debiancve

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

redhatcve

CVE-2024-28757

2024-03-10 10:10:35

CVE-2023-52425

2024-02-05 23:59:53

cve

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

prion

Design/Logic Flaw

2024-02-04 20:15:00

rocky

expat security update

2024-04-05 14:55:53

debian

[SECURITY] [DLA 3783-1] expat security update

2024-04-09 04:41:36

photon

Important Photon OS Security Update - PHSA-2024-4.0-0582

2024-03-22 00:00:00

Important Photon OS Security Update - PHSA-2024-5.0-0229

2024-03-22 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

38.0%

JSON

Related for MGASA-2024-0072