libexpat is vulnerable to XML Entity Expansion. The vulnerability is caused due to insufficient input validation and handling of external entities in the XML parser. This allows an attacker to perform an XML Entity Expansion attack.
Vendor | Product | Version | CPE |
---|---|---|---|
veracode | libexpat.so | * | cpe:2.3:a:veracode:libexpat.so:*:*:*:*:*:*:*:* |
veracode | expat\ | sid | cpe:2.3:a:veracode:expat\:sid:2.4.1-2:*:*:*:*:*:*:* |
veracode | expat\ | sid | cpe:2.3:a:veracode:expat\:sid:2.2.10-1:*:*:*:*:*:*:* |
veracode | expat\ | edge | cpe:2.3:a:veracode:expat\:edge:2.4.8-r1:*:*:*:*:*:*:* |
veracode | expat\ | edge | cpe:2.3:a:veracode:expat\:edge:2.4.5-r0:*:*:*:*:*:*:* |
veracode | expat\ | edge | cpe:2.3:a:veracode:expat\:edge:2.5.0-r0:*:*:*:*:*:*:* |
veracode | expat\ | edge | cpe:2.3:a:veracode:expat\:edge:2.2.9-r1:*:*:*:*:*:*:* |
veracode | expat\ | edge | cpe:2.3:a:veracode:expat\:edge:2.6.0-r0:*:*:*:*:*:*:* |
veracode | expat\ | edge | cpe:2.3:a:veracode:expat\:edge:2.4.8-r0:*:*:*:*:*:*:* |
veracode | expat\ | edge | cpe:2.3:a:veracode:expat\:edge:2.2.10-r1:*:*:*:*:*:*:* |
www.openwall.com/lists/oss-security/2024/03/15/1
github.com/libexpat/libexpat/commit/5026213864ba1a11ef03ba2e8111af8654e9404d
github.com/libexpat/libexpat/issues/839
github.com/libexpat/libexpat/pull/842
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/
security.netapp.com/advisory/ntap-20240322-0001/