Unrated severity · NVD Advisory · Published Feb 4, 2024 · Updated Nov 4, 2025
CVE-2023-52426
Description
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
Affected products
- (no CPE)
- (no CPE) range: <=2.5.0
- osv-coords, 3 versions:
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.0
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.1
- (no CPE) range: < 2.6.0-1.1
- (no CPE) range: < 2.7.1-1.1
- (no CPE) range: < 2.7.1-slfo.1.1_1.1
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/ (mitre, vendor-advisory)
- cwe.mitre.org/data/definitions/776.html (mitre)
- github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 (mitre)
- github.com/libexpat/libexpat/pull/777 (mitre)
- security.netapp.com/advisory/ntap-20240307-0005/ (mitre)