147 matches found
CVE-2024-45492
CVE-2024-45492 affects libexpat. Affected: expat library versions older than 2.6.3; vulnerability arises from an integer overflow in nextScaffoldPart() in xmlparse.c on 32-bit platforms, potentially enabling arbitrary code execution. Public advisories (CBL-Mariner, Debian DLA-3893-1, ALSA advisor...
CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX...
CVE-2024-45491
CVE-2024-45491 affects libexpat prior to 2.6.3. Root cause: integer overflow in nDefaultAtts within xmlparse.c on 32-bit platforms, potentially enabling memory corruption or code execution. Public details confirm exposure is tied to libexpat, with Debian/ALMA advisories indicating DoS/code exec r...
CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX...
OESA-2024-1815 mozjs78 security update
Security Fixes: In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960) xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain...
NewStart CGSL MAIN 5.04 : expat Vulnerability (NS-SA-2023-0070)
The remote NewStart CGSL host, running version MAIN 5.04, has expat packages installed that are affected by a vulnerability: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) Note that Nessus has not tested for this issue but has instead relied...
The vulnerability in the doContent function of the xmlparse.c file in the XML syntax analyzer library libexpat allows an attacker to execute arbitrary code.
The vulnerability of the doContent function in the xmlparse.c file of the XML syntax analyzer library libexpat is related to the use of memory after it has been released (use-after-free). Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1501)
The remote host is missing an update for the Huawei EulerOS...
SUSE CVE-2012-1148
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities...
SUSE CVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...
SUSE CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow...
SUSE CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c...
EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2023-1145)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) Note that Tenable Network Securi...
EulerOS Virtualization 2.10.0 : expat (EulerOS-SA-2023-1166)
According to the versions of the expat package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) Note that Tenable Network Securi...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2819)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP10 : expat (EulerOS-SA-2022-2819)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) Note that Tenable Network Security has extracte...
Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2727)
The remote host is missing an update for the Huawei EulerOS...
Amazon Linux 2 : expat (ALAS-2022-1877)
The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1877 advisory. A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while...
expat: Integer overflow in build_model in xmlparse.c
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...