37 matches found
AZL-75102 CVE-2026-24515 affecting package expat for versions less than 2.6.4-4
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...
K000139525: Libexpat vulnerability CVE-2022-43680
Security Advisory Description: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. CVE-2022-43680. Impact: System performance degradation can occur until the process is forced to restart...
F5 Networks BIG-IP : Libexpat vulnerability (K000139525)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000139525 advisory. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in...
Fedora 40 : mingw-expat (2024-afb73e6f62)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-afb73e6f62 advisory. Update to 2.6.1, backport fix for CVE-2024-28757. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XMLExternalEntityParserCreate...
CentOS 9 : expat-2.5.0-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the expat-2.5.0-1.el9 build changelog. - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memo...
RHEL 8 : expat (RHSA-2024:0421)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0421 advisory. Expat is a C library for parsing XML documents. Security Fixes: expat: use-after free caused by overeager destruction of a shared DTD in...
Rocky Linux 9 : expat (RLSA-2023:0337)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0337 advisory. - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory...
EulerOS Virtualization 3.0.6.0 : expat (EulerOS-SA-2023-2219)
According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. CVE-2022-40674 - In libexpat through 2.4.9,...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-2036)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS Virtualization 2.11.1 : expat (EulerOS-SA-2023-2036)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCrea...
EulerOS Virtualization 2.10.0 : expat (EulerOS-SA-2023-1919)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCrea...
EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2023-1888)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCrea...
EulerOS Virtualization 2.9.0 : expat (EulerOS-SA-2023-1657)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCrea...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1657)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2023-058)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-058 advisory. In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1355)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2023-1355)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1311)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
EulerOS 2.0 SP8 : expat (EulerOS-SA-2023-1311)
According to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in...