Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-52425
HistoryFeb 04, 2024 - 12:00 a.m.

CVE-2023-52425

2024-02-0400:00:00
ubuntu.com
ubuntu.com
24
libexpat
denial of service
resource consumption
large token
buffer fills
debian
paraview
xotcl
poco
gdcm
audacity
simgear
coin3
sitecopy
insighttoolkit
apache2
apr-util
cmake
ghostscript
firefox
unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

22.4%

libexpat through 2.5.0 allows a denial of service (resource consumption)
because many full reparsings are required in the case of a large token for
which multiple buffer fills are needed.

Bugs

Notes

Author Note
sbeattie paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) insighttoolkit uses system expat as of 4.12.1-dfsg1
mdeslaur apache2 uses system expat apr-util uses system expat cmake uses system expat ghostscript uses system expat firefox uses system expat

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

22.4%