U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 27 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

Published: February 04, 2024; 3:15:46 PM -0500
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-52425

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Published: February 04, 2024; 3:15:46 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Published: October 24, 2022; 10:15:53 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Published: September 14, 2022; 7:15:54 AM -0400
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Published: February 18, 2022; 12:15:08 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Published: February 18, 2022; 12:15:08 AM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Published: February 18, 2022; 12:15:08 AM -0500
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Published: February 15, 2022; 8:15:07 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Published: February 15, 2022; 8:15:07 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Published: January 26, 2022; 2:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Published: January 23, 2022; 9:15:06 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:57 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:57 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Published: January 10, 2022; 9:12:56 AM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Published: January 05, 2022; 11:15:07 PM -0500
V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Published: January 01, 2022; 2:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Published: September 04, 2019; 2:15:10 AM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM