rpm package

almalinux/xmlrpc-c-client

pkg:rpm/almalinux/xmlrpc-c-client

Vulnerabilities (10)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-8176	Hig	7.5	< 1.51.0-11.el8_10	1.51.0-11.el8_10	Mar 14, 2025	A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c
CVE-2024-45491	Cri	9.8	< 1.51.0-10.el8_10	1.51.0-10.el8_10	Aug 30, 2024	An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2023-52425		—	< 1.51.0-9.el8_10	1.51.0-9.el8_10	Feb 4, 2024	libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE-2022-22822		—	< 1.51.0-8.el8	1.51.0-8.el8	Jan 8, 2022	addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823		—	< 1.51.0-8.el8	1.51.0-8.el8	Jan 8, 2022	build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824		—	< 1.51.0-8.el8	1.51.0-8.el8	Jan 8, 2022	defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825		—	< 1.51.0-8.el8	1.51.0-8.el8	Jan 8, 2022	lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826		—	< 1.51.0-8.el8	1.51.0-8.el8	Jan 8, 2022	nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22827		—	< 1.51.0-8.el8	1.51.0-8.el8	Jan 8, 2022	storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2021-46143		—	< 1.51.0-8.el8	1.51.0-8.el8	Jan 6, 2022	In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

CVE-2024-8176HigMar 14, 2025
affected < 1.51.0-11.el8_10fixed 1.51.0-11.el8_10
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c
CVE-2024-45491CriAug 30, 2024
affected < 1.51.0-10.el8_10fixed 1.51.0-10.el8_10
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2023-52425Feb 4, 2024
affected < 1.51.0-9.el8_10fixed 1.51.0-9.el8_10
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE-2022-22822Jan 8, 2022
affected < 1.51.0-8.el8fixed 1.51.0-8.el8
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823Jan 8, 2022
affected < 1.51.0-8.el8fixed 1.51.0-8.el8
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824Jan 8, 2022
affected < 1.51.0-8.el8fixed 1.51.0-8.el8
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825Jan 8, 2022
affected < 1.51.0-8.el8fixed 1.51.0-8.el8
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826Jan 8, 2022
affected < 1.51.0-8.el8fixed 1.51.0-8.el8
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22827Jan 8, 2022
affected < 1.51.0-8.el8fixed 1.51.0-8.el8
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2021-46143Jan 6, 2022
affected < 1.51.0-8.el8fixed 1.51.0-8.el8
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.