Vulnerabilities > Libexpat Project

DATE CVE VULNERABILITY TITLE RISK
2022-02-18 CVE-2022-25313 Resource Exhaustion vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
4.3
2022-02-18 CVE-2022-25314 Integer Overflow or Wraparound vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
5.0
2022-02-18 CVE-2022-25315 Integer Overflow or Wraparound vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
7.5
2022-02-16 CVE-2022-25235 Improper Encoding or Escaping of Output vulnerability in multiple products
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
7.5
2022-02-16 CVE-2022-25236 Exposure of Resource to Wrong Sphere vulnerability in multiple products
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
network
low complexity
libexpat-project debian oracle CWE-668
7.5
2022-01-26 CVE-2022-23990 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7.5
2022-01-24 CVE-2022-23852 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
7.5
2022-01-10 CVE-2022-22822 Integer Overflow or Wraparound vulnerability in multiple products
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable CWE-190
7.5
2022-01-10 CVE-2022-22823 Integer Overflow or Wraparound vulnerability in multiple products
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable CWE-190
7.5
2022-01-10 CVE-2022-22824 Integer Overflow or Wraparound vulnerability in multiple products
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable CWE-190
7.5