Lucene search

K

36 matches found

CVE
CVE
added 2024/03/10 5:15 a.m.8282 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00487EPSS
CVE
CVE
added 2019/09/04 6:15 a.m.721 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

7.5CVSS8.2AI score0.00193EPSS
CVE
CVE
added 2014/01/21 6:55 p.m.623 views

CVE-2013-0340

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a cr...

6.8CVSS7.1AI score0.00042EPSS
CVE
CVE
added 2022/02/16 1:15 a.m.606 views

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

9.8CVSS9.6AI score0.12745EPSS
CVE
CVE
added 2022/02/16 1:15 a.m.519 views

CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

9.8CVSS9.5AI score0.09151EPSS
CVE
CVE
added 2022/02/18 5:15 a.m.485 views

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

9.8CVSS9.8AI score0.0753EPSS
CVE
CVE
added 2019/06/24 5:15 p.m.462 views

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

7.8CVSS7.5AI score0.05817EPSS
CVE
CVE
added 2022/01/24 2:15 a.m.409 views

CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

9.8CVSS9.6AI score0.01944EPSS
CVE
CVE
added 2022/09/14 11:15 a.m.402 views

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

8.1CVSS8.3AI score0.00625EPSS
CVE
CVE
added 2022/10/24 2:15 p.m.398 views

CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

7.5CVSS7.7AI score0.00244EPSS
CVE
CVE
added 2022/01/26 7:15 p.m.352 views

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

7.5CVSS8.7AI score0.03519EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.338 views

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.01329EPSS
CVE
CVE
added 2016/05/26 4:59 p.m.309 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.01504EPSS
CVE
CVE
added 2015/07/23 12:59 a.m.299 views

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a relate...

6.8CVSS8.4AI score0.05699EPSS
CVE
CVE
added 2022/01/01 7:15 p.m.293 views

CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

9CVSS9.1AI score0.00385EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.279 views

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.273 views

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS
CVE
CVE
added 2022/02/18 5:15 a.m.265 views

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

7.5CVSS8.8AI score0.00445EPSS
CVE
CVE
added 2024/10/27 5:15 a.m.260 views

CVE-2024-50602

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

5.9CVSS7.1AI score0.00054EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.243 views

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS
CVE
CVE
added 2022/01/06 4:15 a.m.240 views

CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

8.1CVSS8.9AI score0.04193EPSS
CVE
CVE
added 2022/02/18 5:15 a.m.237 views

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

6.5CVSS7.9AI score0.00124EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.235 views

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

4.3CVSS7.4AI score0.00399EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.235 views

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS
CVE
CVE
added 2017/07/25 8:29 p.m.234 views

CVE-2017-9233

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

7.5CVSS8.4AI score0.00201EPSS
CVE
CVE
added 2022/01/10 2:12 p.m.234 views

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00279EPSS
CVE
CVE
added 2016/06/30 5:59 p.m.189 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS8.9AI score0.05699EPSS
CVE
CVE
added 2024/02/04 8:15 p.m.171 views

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

7.5CVSS7.5AI score0.0061EPSS
CVE
CVE
added 2024/08/30 3:15 a.m.162 views

CVE-2024-45491

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

9.8CVSS7.3AI score0.0011EPSS
CVE
CVE
added 2016/06/16 6:59 p.m.150 views

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

7.8CVSS7.7AI score0.02202EPSS
CVE
CVE
added 2024/08/30 3:15 a.m.148 views

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

9.8CVSS7AI score0.0007EPSS
CVE
CVE
added 2016/06/16 6:59 p.m.136 views

CVE-2012-6702

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

5.9CVSS6.2AI score0.00733EPSS
CVE
CVE
added 2024/08/30 3:15 a.m.124 views

CVE-2024-45492

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

9.8CVSS7.3AI score0.00232EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.99 views

CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

5CVSS7.9AI score0.01442EPSS
CVE
CVE
added 2024/02/04 8:15 p.m.90 views

CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

5.5CVSS5.6AI score0.00019EPSS
CVE
CVE
added 2012/07/03 7:55 p.m.80 views

CVE-2012-1147

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

4.3CVSS7.9AI score0.01082EPSS