rpm package
almalinux/expat
pkg:rpm/almalinux/expat
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45186 | Low | 2.9 | < 2.7.3-1.el10_2.1 | 2.7.3-1.el10_2.1 | May 10, 2026 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | |
| CVE-2025-59375 | Hig | 7.5 | < 2.7.1-1.el10_0.3 | 2.7.1-1.el10_0.3 | Sep 15, 2025 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | |
| CVE-2024-8176 | Hig | 7.5 | < 2.5.0-3.el9_5.3 | 2.5.0-3.el9_5.3 | Mar 14, 2025 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c | |
| CVE-2024-50602 | — | < 2.2.5-16.el8_10 | 2.2.5-16.el8_10 | Oct 27, 2024 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | ||
| CVE-2024-45492 | Cri | 9.8 | < 2.5.0-2.el9_4.1 | 2.5.0-2.el9_4.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45491 | Cri | 9.8 | < 2.5.0-2.el9_4.1 | 2.5.0-2.el9_4.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45490 | Hig | 7.5 | < 2.5.0-2.el9_4.1 | 2.5.0-2.el9_4.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | |
| CVE-2024-28757 | — | < 2.5.0-1.el9_3.1 | 2.5.0-1.el9_3.1 | Mar 10, 2024 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | ||
| CVE-2023-52425 | — | < 2.5.0-1.el9_3.1 | 2.5.0-1.el9_3.1 | Feb 4, 2024 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | ||
| CVE-2022-43680 | — | < 2.2.5-10.el8_7.1 | 2.2.5-10.el8_7.1 | Oct 24, 2022 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | ||
| CVE-2022-40674 | — | < 2.2.10-12.el9_0.3 | 2.2.10-12.el9_0.3 | Sep 14, 2022 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | ||
| CVE-2022-25314 | — | < 2.2.10-12.el9_0.2 | 2.2.10-12.el9_0.2 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | ||
| CVE-2022-25315 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | ||
| CVE-2022-25313 | — | < 2.2.10-12.el9_0.2 | 2.2.10-12.el9_0.2 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | ||
| CVE-2022-25235 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Feb 16, 2022 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | ||
| CVE-2022-25236 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Feb 16, 2022 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | ||
| CVE-2022-23852 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 24, 2022 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | ||
| CVE-2022-22822 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 8, 2022 | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22823 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 8, 2022 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22824 | — | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 8, 2022 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
- affected < 2.7.3-1.el10_2.1fixed 2.7.3-1.el10_2.1
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
- affected < 2.7.1-1.el10_0.3fixed 2.7.1-1.el10_0.3
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
- affected < 2.5.0-3.el9_5.3fixed 2.5.0-3.el9_5.3
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c
- CVE-2024-50602Oct 27, 2024affected < 2.2.5-16.el8_10fixed 2.2.5-16.el8_10
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
- affected < 2.5.0-2.el9_4.1fixed 2.5.0-2.el9_4.1
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 2.5.0-2.el9_4.1fixed 2.5.0-2.el9_4.1
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 2.5.0-2.el9_4.1fixed 2.5.0-2.el9_4.1
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
- CVE-2024-28757Mar 10, 2024affected < 2.5.0-1.el9_3.1fixed 2.5.0-1.el9_3.1
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
- CVE-2023-52425Feb 4, 2024affected < 2.5.0-1.el9_3.1fixed 2.5.0-1.el9_3.1
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
- CVE-2022-43680Oct 24, 2022affected < 2.2.5-10.el8_7.1fixed 2.2.5-10.el8_7.1
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- CVE-2022-40674Sep 14, 2022affected < 2.2.10-12.el9_0.3fixed 2.2.10-12.el9_0.3
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
- CVE-2022-25314Feb 18, 2022affected < 2.2.10-12.el9_0.2fixed 2.2.10-12.el9_0.2
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
- CVE-2022-25315Feb 18, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
- CVE-2022-25313Feb 18, 2022affected < 2.2.10-12.el9_0.2fixed 2.2.10-12.el9_0.2
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
- CVE-2022-25235Feb 16, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
- CVE-2022-25236Feb 16, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
- CVE-2022-23852Jan 24, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
- CVE-2022-22822Jan 8, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22823Jan 8, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22824Jan 8, 2022affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Page 1 of 2