CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 0CVE-2024-45490 – libexpat: Negative Length Parsing Vulnerability in libexpat
https://notcve.org/view.php?id=CVE-2024-45490
30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issu... • https://github.com/libexpat/libexpat/issues/887 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 0CVE-2024-45491 – libexpat: Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2024-45491
30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. ... • https://github.com/libexpat/libexpat/issues/888 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 22EXPL: 1CVE-2024-45492 – libexpat: integer overflow
https://notcve.org/view.php?id=CVE-2024-45492
30 Aug 2024 — An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX. Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution. Versions greater than or equal... • https://github.com/nidhihcl75/external_expat_2.6.2_CVE-2024-45492 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 36EXPL: 3CVE-2024-28757 – expat: XML Entity Expansion
https://notcve.org/view.php?id=CVE-2024-28757
10 Mar 2024 — libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). libexpat hasta 2.6.1 permite un ataque de expansión de entidad XML cuando hay un uso aislado de analizadores externos (creados a través de XML_ExternalEntityParserCreate). An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers. • https://github.com/RenukaSelvar/expat_CVE-2024-28757 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 1CVE-2023-52425 – expat: parsing large tokens can trigger a denial of service
https://notcve.org/view.php?id=CVE-2023-52425
04 Feb 2024 — libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. libexpat hasta 2.5.0 permite una denegación de servicio (consumo de recursos) porque se requieren muchos análisis completos en el caso de un token grande para el cual se necesitan múltiples rellenos de búfer. A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, E... • http://www.openwall.com/lists/oss-security/2024/03/20/5 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52426
https://notcve.org/view.php?id=CVE-2023-52426
04 Feb 2024 — libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. libexpat hasta 2.5.0 permite la expansión recursiva de entidades XML si XML_DTD no está definido en el momento de la compilación. • https://cwe.mitre.org/data/definitions/776.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 5CVE-2022-43680 – expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
https://notcve.org/view.php?id=CVE-2022-43680
24 Oct 2022 — In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. En libexpat versiones hasta 2.4.9, se presenta un uso de memoria previamente liberada causado por la destrucción excesiva de un DTD compartido en XML_ExternalEntityParserCreate en situaciones fuera de memoria A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-mem... • https://github.com/Trinadh465/external_expat-2.1.0_CVE-2022-43680 • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-40674 – expat: a use-after-free in the doContent function in xmlparse.c
https://notcve.org/view.php?id=CVE-2022-40674
14 Sep 2022 — libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. libexpat versiones anteriores a 2.4.9, presenta un uso de memoria previamente liberada en la función doContent en el archivo xmlparse.c A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed ... • https://github.com/libexpat/libexpat/pull/629 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2022-25314 – expat: Integer overflow in copyString()
https://notcve.org/view.php?id=CVE-2022-25314
18 Feb 2022 — In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. En Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, se presenta un desbordamiento de enteros en copyString An integer overflow flaw was found in expat. This issue affects the encoding name parameter at the parser creation time, which is often hard-coded (rather than user input), takes a value in the gigabytes to trigger, and on a 64-bit machine. This flaw can cause a denial of service. Red Hat JBoss Core S... • https://github.com/ShaikUsaf/external_expact_AOSP10_r33_CVE-2022-25314 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 7%CPEs: 9EXPL: 3CVE-2022-25315 – expat: Integer overflow in storeRawNames()
https://notcve.org/view.php?id=CVE-2022-25315
18 Feb 2022 — In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. En Expat (también se conoce como libexpat) versiones anteriores a 2.4.5, se presenta un desbordamiento de enteros en storeRawNames An integer overflow was found in expat. The issue occurs in storeRawNames() by abusing the m_buffer expansion logic to allow allocations very close to INT_MAX and out-of-bounds heap writes. This flaw can cause a denial of service or potentially arbitrary code execution. Red Hat JBoss Core Servic... • https://github.com/ShaikUsaf/external_expact_AOSP10_r33_CVE-2022-25315 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •