Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-28757

Опубликовано: 10 мар. 2024
Источник: redhat
CVSS3: 7.5

Описание

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.

Отчет

This vulnerability is rated as a moderate severity because a flaw was found in the libexpat library in the xmlparse.c file, specifically in the handling of external parsers. The issue is an XML Entity Expansion flaw caused by the parser's failure to detect direct recursion when a parameter entity references itself in an external subset. An attacker can trigger this by submitting a specially crafted XML document, which creates an infinite processing loop, leading to uncontrolled resource consumption and causing a denial of service (DoS).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6compat-expat1Not affected
Red Hat Enterprise Linux 6expatNot affected
Red Hat Enterprise Linux 7expatNot affected
Red Hat Enterprise Linux 8expatFixedRHSA-2025:2177619.11.2025
Red Hat Enterprise Linux 9expatFixedRHBA-2024:251830.04.2024
Red Hat Enterprise Linux 9expatFixedRHSA-2024:153026.03.2024
Red Hat Enterprise Linux 9expatFixedRHBA-2024:251830.04.2024
Red Hat Enterprise Linux 9expatFixedRHSA-2024:153026.03.2024
Red Hat Enterprise Linux 9.2 Extended Update SupportexpatFixedRHSA-2024:392613.06.2024
Red Hat OpenShift Container Platform 4.15rhcos-415.92.202603101737FixedRHSA-2026:441919.03.2026

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-776
https://bugzilla.redhat.com/show_bug.cgi?id=2268766expat: XML Entity Expansion

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-28757

CVSS3: 7.5
ubuntu
около 2 лет назад

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

nvd логотип

CVE-2024-28757

CVSS3: 7.5
nvd
около 2 лет назад

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

msrc логотип

CVE-2024-28757

CVSS3: 7.5
msrc
около 1 года назад

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

debian логотип

CVE-2024-28757

CVSS3: 7.5
debian
около 2 лет назад

libexpat through 2.6.1 allows an XML Entity Expansion attack when ther ...

github логотип

GHSA-ch5v-h69f-mxc8

CVSS3: 7.5
github
около 2 лет назад

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5 High

CVSS3