Astra Linux - уязвимость в firefox, thunderbird, expat, libxmltok

LibExpat through version 2.5.0 causes a denial of service resource consumption because multiple reparings are required when dealing with large tokens, resulting in multiple buffer fills...

expat: parsing large tokens can trigger a denial of service

A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...

CLSA-2024-1714727824 expat: Fix of CVE-2023-52425

CVE-2023-52425: fix reparsings for large token to prevent DoS...

CLSA-2024-1714065693 expat: Fix of CVE-2023-52425

CVE-2023-52425: fix reparsings for large token to prevent DoS...

expat: parsing large tokens can trigger a denial of service

A flaw was found in Expat libexpat. When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

...

AZL-34207 CVE-2023-52425 affecting package expat for versions less than 2.6.2-2

libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...

NVIDIA GPU Display Driver Security Vulnerability

NVIDIA GPU Display Driver is a driver from NVIDIA Corporation that is used for interactive support of graphics card display modules in operating systems. A security vulnerability exists in NVIDIA GPU Display Driver that originates from the use of re-parsing to write arbitrary data to a privileged...

libxml2: Incorrect server side include parsing can lead to XSS

A Cross-site scripting XSS vulnerability was found in libxml2. A specially crafted input, when serialized and re-parsed by the libxml2 library, will result in a document with element attributes that did not exist in the original document...

CVE-2023-34188

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests...