libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

References

www.openwall.com/lists/oss-security/2024/03/15/1

github.com/libexpat/libexpat/issues/839

github.com/libexpat/libexpat/pull/842

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/

security.netapp.com/advisory/ntap-20240322-0001/

openvas 24

ubuntucve 1

nessus 30

cbl_mariner 2

fedora 3

nvd 1

f5 1

cvelist 1

ibm 14

slackware 2

githubexploit 3

aix 1

veracode 1

redos 1

alpinelinux 1

debiancve 1

osv 3

redhatcve 1

cve 1

almalinux 1

photon 2

mageia 1

oraclelinux 1

redhat 14

cloudfoundry 1

ubuntu 1

ics 1

oracle 1

openvas

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-1929)

2024-07-16 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2024-2191)

2024-08-20 00:00:00

Fedora: Security Advisory (FEDORA-2024-4e6e660fae)

2024-03-25 00:00:00

ubuntucve

CVE-2024-28757

2024-03-10 00:00:00

nessus

EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-1956)

2024-07-16 00:00:00

EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-1929)

2024-07-16 00:00:00

Photon OS 5.0: Expat PHSA-2024-5.0-0229

2024-07-24 00:00:00

cbl_mariner

CVE-2024-28757 affecting package expat for versions less than 2.6.2-1

2024-06-21 09:32:44

CVE-2024-28757 affecting package expat for versions less than 2.6.2-2

2024-04-09 20:48:36

fedora

[SECURITY] Fedora 40 Update: mingw-expat-2.6.1-1.fc40

2024-03-23 00:50:46

[SECURITY] Fedora 38 Update: mingw-expat-2.6.1-1.fc38

2024-03-19 02:00:28

[SECURITY] Fedora 39 Update: mingw-expat-2.6.1-1.fc39

2024-03-19 01:10:52

nvd

CVE-2024-28757

2024-03-10 05:15:06

K000139637: Expat vulnerability CVE-2024-28757

2024-05-16 00:00:00

cvelist

CVE-2024-28757

2024-03-10 00:00:00

ibm

Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)

2024-06-13 22:04:57

Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

2024-06-11 17:31:41

Security Bulletin: IBM Observability with Instana is affected by Multiple Security Vulnerabilities

2024-05-08 09:39:44

slackware

[slackware-security] expat

2024-03-13 19:51:59

[slackware-security] python3

2024-09-09 01:06:11

githubexploit

Exploit for CVE-2024-28757

2024-05-03 09:21:27

Exploit for CVE-2024-28757

2024-05-03 04:58:24

Exploit for CVE-2024-28757

2024-05-03 09:24:51

aix

AIX is affected by information disclosure due to Python (CVE-2024-28757)

2024-06-13 15:37:38

veracode

XML Entity Expansion

2024-03-11 07:18:06

redos

ROS-20240506-01

2024-05-06 00:00:00

alpinelinux

CVE-2024-28757

2024-03-10 05:15:06

debiancve

CVE-2024-28757

2024-03-10 05:15:06

osv

CVE-2024-28757

2024-03-10 05:15:06

Moderate: expat security update

2024-03-26 00:00:00

expat vulnerabilities

2024-03-14 10:19:40

redhatcve

CVE-2024-28757

2024-03-10 10:10:35

cve

CVE-2024-28757

2024-03-10 05:15:06

almalinux

Moderate: expat security update

2024-03-26 00:00:00

photon

Important Photon OS Security Update - PHSA-2024-4.0-0582

2024-03-22 00:00:00

Important Photon OS Security Update - PHSA-2024-5.0-0229

2024-03-22 00:00:00

mageia

Updated expat packages fix security vulnerabilities

2024-03-18 19:12:23

oraclelinux

expat security update

2024-03-26 00:00:00

redhat

(RHSA-2024:3926) Moderate: expat security update

2024-06-13 14:14:44

(RHSA-2024:1530) Moderate: expat security update

2024-03-26 16:30:26

(RHSA-2024:4041) Important: OpenShift Container Platform 4.15.19 bug fix and security update

2024-06-26 12:01:55

cloudfoundry

USN-6694-1: Expat vulnerabilities | Cloud Foundry

2024-04-04 00:00:00

ubuntu

Expat vulnerabilities

2024-03-14 00:00:00

ics

Siemens SINEC NMS

2024-08-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - July 2024

2024-07-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-28757