Описание
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| expat | fixed | 2.7.4-1 | package | |
| expat | no-dsa | trixie | package | |
| expat | no-dsa | bookworm | package | |
| expat | postponed | bullseye | package |
Примечания
Fixed by: https://github.com/libexpat/libexpat/commit/7ddea353ad3795f7222441274d4d9a155b523cba (R_2_7_4)
Fixed by: https://github.com/libexpat/libexpat/commit/8855346359a475c022ec8c28484a76c852f144d9 (R_2_7_4)
Fixed by: https://github.com/libexpat/libexpat/commit/9c2d990389e6abe2e44527eeaa8b39f16fe859c7 (R_2_7_4)
EPSS
Связанные уязвимости
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Уязвимость библиотеки для анализа XML-файлов libexpat, связанная с целочисленным переполнением, позволяющая нарушителю вызвать отказ в обслуживании
EPSS