CVE-2023-52425

Опубликовано: 04 фев. 2024

Источник: debian

EPSS Низкий

Описание

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
expat	fixed	2.6.0-1		package
expat	no-dsa		bookworm	package
libxmltok	removed			package
libxmltok	ignored		bookworm	package

Примечания

https://github.com/libexpat/libexpat/pull/789
Merge commit: https://github.com/libexpat/libexpat/commit/34b598c5f594b015c513c73f06e7ced3323edbf1

EPSS

Процентиль: 69%

0.0061

Низкий

Связанные уязвимости

CVE-2023-52425

CVSS3: 7.5

ubuntu

больше 1 года назад

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVE-2023-52425

CVSS3: 7.5

redhat

больше 1 года назад

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVE-2023-52425

CVSS3: 7.5

nvd

больше 1 года назад

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVE-2023-52425

CVSS3: 7.5

msrc

больше 1 года назад

Описание отсутствует

SUSE-SU-2024:3004-1

suse-cvrf

10 месяцев назад

Security update for expat

EPSS

Процентиль: 69%

0.0061

Низкий