Description
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
expat | fixed | 2.6.0-1 | | package |
libxmltok | removed | | | package |
libxmltok | ignored | | bookworm | package |
Notes
https://github.com/libexpat/libexpat/pull/777
https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
https://github.com/libexpat/libexpat/pull/777#issuecomment-1965172301
CVE is for fixing billion laughs attacks for users compiling *without* XML_DTD defined,
which is not the case for Debian.
Related vulnerabilities
CVSS3: 5.5
ubuntu
more than 1 year ago
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
CVSS3: 5.5
redhat
more than 1 year ago
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
CVSS3: 5.5
nvd
more than 1 year ago
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.