25 matches found
Astra Linux - vulnerability in firefox, thunderbird, expat, libxmltok
libexpat through version 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required when a large token spans multiple buffer fills...
CLSA-2026-1776441769 expat: Fix of 4 CVEs
CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor - CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation - CVE-2013-0340: add billion laughs entity...
MiracleLinux 8 : xmlrpc-c-1.51.0-9.el8_10 (AXSA:2024-8511:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8511:01 advisory. expat: parsing large tokens can trigger a denial of service (CVE-2023-52425). libexpat through 2.5.0 allows a denial of service resource...
Denial Of Service (DoS)
joserfc is vulnerable to Denial of Service (DoS). The vulnerability is due to ExceededSizeError exception messages embedding non-decoded JWT token parts, which may cause Python logging systems to process extremely large attacker-supplied JWT payloads, potentially leading to excessive memory or...
expat: parsing large tokens can trigger a denial of service
A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from its start numerous times. This process may trigger excessive resource consumption, leading to a denial of service...
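The input shape behind this finding is a single token that arrives across many small buffer fills. The following is an added example (not code from any advisory listed here, and not libexpat's own fix) using only the standard-library pyexpat binding: it builds such a document, feeds it to expat in small chunks the way a network reader would, and enforces a cumulative byte budget before each chunk reaches the parser so an attacker who streams an endless token cannot keep the parser re-scanning it. The names MAX_DOCUMENT_BYTES, DocumentTooLarge, build_document, chunked and parse_stream are this example's own; the version check reflects that libexpat 2.6.0 is the first release with the reparse deferral fix.

```python
"""Streaming XML into libexpat with a byte budget (added example, not advisory code)."""
import time
import xml.parsers.expat as expat

MAX_DOCUMENT_BYTES = 4 * 1024 * 1024   # assumed policy limit for this example


class DocumentTooLarge(ValueError):
    pass


def expat_has_reparse_deferral():
    # libexpat 2.6.0 is the first release carrying the CVE-2023-52425 fix.
    return expat.version_info >= (2, 6, 0)


def build_document(token_len):
    # Constructed input: the only text node is one token of token_len bytes,
    # so it cannot be tokenised until the whole token has been read.
    return b"<doc>" + b"A" * token_len + b"</doc>"


def chunked(data, size):
    # Simulates a reader handing the parser size-byte buffer fills.
    for off in range(0, len(data), size):
        yield data[off:off + size]


def parse_stream(chunks, max_bytes=MAX_DOCUMENT_BYTES):
    """Feed chunks to expat; return the number of character-data characters seen.

    Raises DocumentTooLarge as soon as the running total passes max_bytes,
    before the offending chunk is handed to the parser. On libexpat <= 2.5.0
    every refill below re-scans the unfinished token from its start, so the
    work grows roughly with token_length**2 / chunk_size; the budget bounds it.
    """
    parser = expat.ParserCreate()
    seen = 0

    def on_chars(text):
        nonlocal seen
        seen += len(text)

    parser.CharacterDataHandler = on_chars
    total = 0
    for chunk in chunks:
        total += len(chunk)
        if total > max_bytes:
            raise DocumentTooLarge(f"input exceeds {max_bytes} bytes")
        parser.Parse(chunk, False)   # isfinal=False: token may continue in the next fill
    parser.Parse(b"", True)          # signal end of document
    return seen


if __name__ == "__main__":
    doc = build_document(200_000)
    for size in (64, len(doc)):
        t0 = time.perf_counter()
        n = parse_stream(chunked(doc, size))
        print(f"chunk size {size:>7}: {n} text chars in {time.perf_counter() - t0:.3f}s")
    print("libexpat", expat.EXPAT_VERSION, "reparse deferral:", expat_has_reparse_deferral())
```

Run it against a libexpat 2.5.0 build and the 64-byte case is visibly slower than the single-chunk case; on 2.6.0 or later the two timings are close. The budget is independent of the library version and is the check to keep in front of any parser that accepts attacker-sized input.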
CVE-2025-65015
The CVE-2025-65015 issue affects the Python library joserfc (JOSE). Versions 1.3.3–1.3.5 and 1.4.0–1.4.2 embed ExceededSizeError messages with fully loaded JWT payloads, which may cause a misconfigured or fronted production web server to allow arbitrarily large bearer tokens to be logged in full ...
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...
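The failure mode above is not the size check itself but what the raised exception carries. The following is an added example (not joserfc code) that models it in plain Python: one splitter enforces a per-segment limit yet copies the oversized segment into the exception message, so the handler that logs the error writes the whole attacker-supplied blob; the hardened splitter rejects on length first and reports only sizes; a logging filter caps every record as defence in depth. MAX_SEGMENT_BYTES, MAX_LOG_MESSAGE, TokenTooLarge, split_compact_token_unsafe, split_compact_token, peek_header, TruncatingFilter, make_demo_token and logged_message_length are this example's own names, and the demo token is constructed and unsigned.

```python
"""Keeping oversized JWT input out of exception messages and logs (added example)."""
import base64
import json
import logging

MAX_SEGMENT_BYTES = 4096   # assumed per-segment limit
MAX_LOG_MESSAGE = 512      # assumed ceiling for one formatted log message


class TokenTooLarge(ValueError):
    pass


def split_compact_token_unsafe(token):
    # Anti-pattern: the limit is enforced, but the raw segment rides in the
    # message, so whatever logs the exception stores all of it.
    parts = token.split(".")
    for part in parts:
        if len(part) > MAX_SEGMENT_BYTES:
            raise TokenTooLarge(f"segment too large: {part}")
    return parts


def split_compact_token(token):
    # Hardened: bound the whole input before splitting, then each segment,
    # and describe the rejection by size only.
    if len(token) > 3 * MAX_SEGMENT_BYTES + 2:
        raise TokenTooLarge(f"token length {len(token)} exceeds limit")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 segments, got {len(parts)}")
    for i, part in enumerate(parts):
        if len(part) > MAX_SEGMENT_BYTES:
            raise TokenTooLarge(f"segment {i} length {len(part)} exceeds {MAX_SEGMENT_BYTES}")
    return parts


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def peek_header(token):
    """Decode only the protected header, after the size check; no signature verification."""
    header_b64, _, _ = split_compact_token(token)
    return json.loads(b64url_decode(header_b64))


def make_demo_token():
    # Constructed, unsigned token: header.payload.placeholder-signature.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"sub": "demo"}), "sig"])


class TruncatingFilter(logging.Filter):
    """Defence in depth: no single log message may exceed MAX_LOG_MESSAGE characters."""
    def filter(self, record):
        msg = record.getMessage()
        if len(msg) > MAX_LOG_MESSAGE:
            record.msg = msg[:MAX_LOG_MESSAGE] + f"...[truncated {len(msg) - MAX_LOG_MESSAGE} chars]"
            record.args = ()
        return True


class ListHandler(logging.Handler):
    def __init__(self):
        super().__init__()
        self.messages = []

    def emit(self, record):
        self.messages.append(self.format(record))


def logged_message_length(token, splitter, truncate=False):
    """Run splitter on token, log a rejection the way a request handler would,
    and return the length of the message that reached the log (0 if none)."""
    handler = ListHandler()
    logger = logging.Logger("jwt-demo")   # standalone logger, not attached to the root
    logger.addHandler(handler)
    if truncate:
        logger.addFilter(TruncatingFilter())
    try:
        splitter(token)
    except TokenTooLarge as exc:
        logger.error("rejected token: %s", exc)   # the common line that leaks the blob
        return len(handler.messages[-1])
    return 0


if __name__ == "__main__":
    big = "a" * 100_000 + ".b.c"
    print("unsafe  :", logged_message_length(big, split_compact_token_unsafe))
    print("hardened:", logged_message_length(big, split_compact_token))
    print("unsafe + filter:", logged_message_length(big, split_compact_token_unsafe, truncate=True))
    print("header:", peek_header(make_demo_token()))
```

The filter is the backstop, not the fix: it protects against every code path that formats untrusted input into a record, while the hardened splitter removes the blob at the source so the exception is safe to log, re-raise or return to a caller.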
Siemens SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2023-52425)
libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
BIT-GITLAB-2025-10094 Improper Validation of Specified Quantity in Input in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large...
CVE-2025-10094
CVE-2025-10094 affects GitLab CE/EE, impacting all versions from 10.7 before 18.1.6; 18.2 before 18.2.6; and 18.3 before 18.3.2. The issue allows authenticated users to disrupt access to token listings and related administrative operations by creating tokens with excessively large names, a root c...
PT-2025-37286
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.7 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that allows authenticated users to disrupt access to token listings and...
EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2363)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for...
OESA-2024-1741 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case...
CLSA-2024-1714727652 expat: Fix of CVE-2023-52425
CVE-2023-52425: fix reparsings for large token to prevent DoS...
CLSA-2024-1714065693 expat: Fix of CVE-2023-52425
CVE-2023-52425: fix reparsings for large token to prevent DoS...
CVE-2023-52425
libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...
AZL-34207 CVE-2023-52425 affecting package expat for versions less than 2.6.2-2
libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...