Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:33883
HistoryJan 25, 2022 - 3:40 a.m.

Denial Of Service (DoS)

2022-01-2503:40:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
denial of service
libexpat
integer overflow
xml_getbuffer
xmlparse.c
vulnerability
application crash
xml_context_bytes
configuration

EPSS

0.015

Percentile

87.0%

libexpat.so is vulnerable to denial of service. The vulnerability exists due to the integer overflow in the XML_GetBuffer function of xmlparse.c. as it does not properly check INT_MAX byte length against the XML_CONTEXT_BYTES, allowing an attacker to cause an application crash through the configuration with a nonzero XML_CONTEXT_BYTES.