rpm package
suse/expat&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/expat&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8176 | High | 7.5 | | < 2.7.1-150400.3.28.1 | 2.7.1-150400.3.28.1 | Mar 14, 2025 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c |
| CVE-2024-28757 | — | | | < 2.4.4-150400.3.17.1 | 2.4.4-150400.3.17.1 | Mar 10, 2024 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). |
| CVE-2023-52425 | — | | | < 2.4.4-150400.3.17.1 | 2.4.4-150400.3.17.1 | Feb 4, 2024 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. |