27 matches found

Added 2024/03/10 5:15 a.m. • 8298 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

CVSS 7.5 | AI score 7.4 | EPSS 0.00479

Added 2019/09/04 6:15 a.m. • 765 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

CVSS 7.5 | AI score 8.2 | EPSS 0.00361

Added 2014/01/21 6:55 p.m. • 632 views

CVE-2013-0340

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a cr...

CVSS 6.8 | AI score 7.1 | EPSS 0.00039

Added 2022/02/16 1:15 a.m. • 628 views

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

CVSS 9.8 | AI score 9.6 | EPSS 0.13322

Added 2022/02/16 1:15 a.m. • 542 views

CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

CVSS 9.8 | AI score 9.5 | EPSS 0.09358

Added 2022/02/18 5:15 a.m. • 507 views

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVSS 9.8 | AI score 9.8 | EPSS 0.07898

Added 2019/06/24 5:15 p.m. • 477 views

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

CVSS 7.8 | AI score 7.5 | EPSS 0.05817

Added 2022/09/14 11:15 a.m. • 446 views

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

CVSS 8.1 | AI score 8.3 | EPSS 0.00623

Added 2022/01/24 2:15 a.m. • 445 views

CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

CVSS 9.8 | AI score 9.6 | EPSS 0.01944

Added 2022/01/26 7:15 p.m. • 391 views

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVSS 7.5 | AI score 8.7 | EPSS 0.037

Added 2022/01/10 2:12 p.m. • 376 views

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 9.8 | AI score 9.5 | EPSS 0.01328

Added 2016/05/26 4:59 p.m. • 352 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

CVSS 9.8 | AI score 8.7 | EPSS 0.01771

Added 2022/01/01 7:15 p.m. • 312 views

CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

CVSS 9 | AI score 9.1 | EPSS 0.00374

Added 2022/02/18 5:15 a.m. • 301 views

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

CVSS 7.5 | AI score 8.8 | EPSS 0.00469

Added 2022/01/10 2:12 p.m. • 295 views

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 9.8 | AI score 9.5 | EPSS 0.00431

Added 2022/01/10 2:12 p.m. • 290 views

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 9.8 | AI score 9.5 | EPSS 0.00431

Added 2022/01/10 2:12 p.m. • 260 views

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 8.8 | AI score 9.2 | EPSS 0.00206

Added 2022/01/06 4:15 a.m. • 258 views

CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

CVSS 8.1 | AI score 8.9 | EPSS 0.04085

Added 2022/02/18 5:15 a.m. • 257 views

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

CVSS 6.5 | AI score 7.9 | EPSS 0.00134

Added 2022/01/10 2:12 p.m. • 253 views

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 8.8 | AI score 9.2 | EPSS 0.00206

Added 2022/01/10 2:12 p.m. • 253 views

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVSS 8.8 | AI score 9.2 | EPSS 0.00279

Added 2012/07/03 7:55 p.m. • 251 views

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

CVSS 4.3 | AI score 7.4 | EPSS 0.00414

Added 2024/08/30 3:15 a.m. • 187 views

CVE-2024-45491

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

CVSS 9.8 | AI score 7.3 | EPSS 0.00107

Added 2024/08/30 3:15 a.m. • 179 views

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

CVSS 9.8 | AI score 7 | EPSS 0.00069

Added 2016/06/16 6:59 p.m. • 154 views

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

CVSS 7.8 | AI score 7.7 | EPSS 0.02514

Added 2024/08/30 3:15 a.m. • 148 views

CVE-2024-45492

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

CVSS 9.8 | AI score 7.3 | EPSS 0.00225

Added 2016/06/16 6:59 p.m. • 138 views

CVE-2012-6702

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

CVSS 5.9 | AI score 6.2 | EPSS 0.00616