Description
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.
Report
Parameter entities that directly and recursively referenced themselves created a loop that was not detected in the external subset. This is against XML rules and caused unpredictable behaviour at runtime, which could lead to a denial of service (DoS) attack.
Affected packages
Platform | Package | Status | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | compat-expat1 | Not affected | | |
Red Hat Enterprise Linux 6 | expat | Not affected | | |
Red Hat Enterprise Linux 7 | expat | Not affected | | |
Red Hat Enterprise Linux 8 | expat | Not affected | | |
Red Hat Enterprise Linux 9 | expat | Fixed | RHBA-2024:2518 | 30.04.2024 |
Red Hat Enterprise Linux 9 | expat | Fixed | RHSA-2024:1530 | 26.03.2024 |
Red Hat Enterprise Linux 9.2 Extended Update Support | expat | Fixed | RHSA-2024:3926 | 13.06.2024 |
Additional information
Status:
EPSS
7.5 High
CVSS3