rpm package
almalinux/xmlrpc-c-devel
pkg:rpm/almalinux/xmlrpc-c-devel
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8176 | Hig | 7.5 | < 1.51.0-11.el8_10 | 1.51.0-11.el8_10 | Mar 14, 2025 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c | |
| CVE-2024-45491 | Cri | 9.8 | < 1.51.0-10.el8_10 | 1.51.0-10.el8_10 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2023-52425 | — | < 1.51.0-9.el8_10 | 1.51.0-9.el8_10 | Feb 4, 2024 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | ||
| CVE-2022-25235 | — | < 1.51.0-5.el8_5.1 | 1.51.0-5.el8_5.1 | Feb 16, 2022 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | ||
| CVE-2022-22822 | — | < 1.51.0-8.el8 | 1.51.0-8.el8 | Jan 8, 2022 | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22823 | — | < 1.51.0-8.el8 | 1.51.0-8.el8 | Jan 8, 2022 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22824 | — | < 1.51.0-8.el8 | 1.51.0-8.el8 | Jan 8, 2022 | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22825 | — | < 1.51.0-8.el8 | 1.51.0-8.el8 | Jan 8, 2022 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22826 | — | < 1.51.0-8.el8 | 1.51.0-8.el8 | Jan 8, 2022 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2022-22827 | — | < 1.51.0-8.el8 | 1.51.0-8.el8 | Jan 8, 2022 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | ||
| CVE-2021-46143 | — | < 1.51.0-8.el8 | 1.51.0-8.el8 | Jan 6, 2022 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
- affected < 1.51.0-11.el8_10fixed 1.51.0-11.el8_10
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c
- affected < 1.51.0-10.el8_10fixed 1.51.0-10.el8_10
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- CVE-2023-52425Feb 4, 2024affected < 1.51.0-9.el8_10fixed 1.51.0-9.el8_10
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
- CVE-2022-25235Feb 16, 2022affected < 1.51.0-5.el8_5.1fixed 1.51.0-5.el8_5.1
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
- CVE-2022-22822Jan 8, 2022affected < 1.51.0-8.el8fixed 1.51.0-8.el8
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22823Jan 8, 2022affected < 1.51.0-8.el8fixed 1.51.0-8.el8
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22824Jan 8, 2022affected < 1.51.0-8.el8fixed 1.51.0-8.el8
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22825Jan 8, 2022affected < 1.51.0-8.el8fixed 1.51.0-8.el8
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22826Jan 8, 2022affected < 1.51.0-8.el8fixed 1.51.0-8.el8
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2022-22827Jan 8, 2022affected < 1.51.0-8.el8fixed 1.51.0-8.el8
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- CVE-2021-46143Jan 6, 2022affected < 1.51.0-8.el8fixed 1.51.0-8.el8
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.