VYPR

rpm package

suse/expat&distro=SUSE Linux Enterprise Module for Basesystem 15 SP5

pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5

Vulnerabilities (6)

  • CVE-2024-50602Oct 27, 2024
    affected < 2.4.4-150400.3.25.1fixed 2.4.4-150400.3.25.1

    An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

  • CVE-2024-45492CriAug 30, 2024
    affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1

    An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45491CriAug 30, 2024
    affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1

    An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45490HigAug 30, 2024
    affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1

    An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

  • CVE-2024-28757Mar 10, 2024
    affected < 2.4.4-150400.3.17.1fixed 2.4.4-150400.3.17.1

    libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

  • CVE-2023-52425Feb 4, 2024
    affected < 2.4.4-150400.3.17.1fixed 2.4.4-150400.3.17.1

    libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.