CVE-2026-32778

Опубликовано: 16 мар. 2026

Источник: nvd

CVSS3: 2.9

CVSS3: 5.5

EPSS Низкий

Описание

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

Ссылки

https://github.com/libexpat/libexpat/pull/1159
Issue Tracking
Patch
https://github.com/libexpat/libexpat/pull/1163
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Версия до 2.7.5 (исключая)

EPSS

Процентиль: 2%

0.00013

Низкий

2.9 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-476

Связанные уязвимости

CVE-2026-32778

CVSS3: 2.9

ubuntu

10 дней назад

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

CVE-2026-32778

CVSS3: 5.1

redhat

10 дней назад

A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application.

CVE-2026-32778

msrc

8 дней назад

Описание отсутствует

CVE-2026-32778

CVSS3: 2.9

debian

10 дней назад

libexpat before 2.7.5 allows a NULL pointer dereference in the functio ...

GHSA-hx82-g397-5ggr

CVSS3: 2.9

github

10 дней назад

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

EPSS

Процентиль: 2%

0.00013

Низкий

2.9 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-476