CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Libexpat Project » Libexpat » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-25315 190 Overflow 2022-02-18 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
2 CVE-2022-25314 190 Overflow 2022-02-18 2022-06-14
5.0
None Remote Low Not required None None Partial
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
3 CVE-2022-25313 400 2022-02-18 2022-06-14
4.3
None Remote Medium Not required None None Partial
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
4 CVE-2022-25236 668 2022-02-16 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
5 CVE-2022-25235 116 2022-02-16 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
6 CVE-2022-23990 190 Overflow 2022-01-26 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7 CVE-2022-23852 190 Overflow 2022-01-24 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
8 CVE-2022-22827 190 Overflow 2022-01-10 2022-06-14
6.8
None Remote Medium Not required Partial Partial Partial
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
9 CVE-2022-22826 190 Overflow 2022-01-10 2022-06-14
6.8
None Remote Medium Not required Partial Partial Partial
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
10 CVE-2022-22825 190 Overflow 2022-01-10 2022-06-14
6.8
None Remote Medium Not required Partial Partial Partial
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
11 CVE-2022-22824 190 Overflow 2022-01-10 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
12 CVE-2022-22823 190 Overflow 2022-01-10 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
13 CVE-2022-22822 190 Overflow 2022-01-10 2022-06-14
7.5
None Remote Low Not required Partial Partial Partial
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
14 CVE-2021-46143 190 Overflow 2022-01-06 2022-06-14
6.8
None Remote Medium Not required Partial Partial Partial
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
15 CVE-2021-45960 682 2022-01-01 2022-07-12
9.0
None Remote Low ??? Complete Complete Complete
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
16 CVE-2019-15903 125 2019-09-04 2022-07-28
5.0
None Remote Low Not required None None Partial
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
17 CVE-2018-20843 611 2019-06-24 2022-04-18
7.8
None Remote Low Not required None None Complete
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
18 CVE-2017-9233 611 2017-07-25 2022-07-28
5.0
None Remote Low Not required None None Partial
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
19 CVE-2016-5300 399 DoS 2016-06-16 2021-07-31
7.8
None Remote Low Not required None None Complete
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
20 CVE-2016-4472 119 DoS Exec Code Overflow 2016-06-30 2022-07-05
6.8
None Remote Medium Not required Partial Partial Partial
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
21 CVE-2016-0718 119 DoS Exec Code Overflow 2016-05-26 2022-06-27
7.5
None Remote Low Not required Partial Partial Partial
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
22 CVE-2015-1283 190 DoS Overflow 2015-07-23 2022-07-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
23 CVE-2013-0340 611 DoS 2014-01-21 2022-07-05
6.8
None Remote Medium Not required Partial Partial Partial
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
24 CVE-2012-6702 310 2016-06-16 2021-01-25
4.3
None Remote Medium Not required None Partial None
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
25 CVE-2012-1148 399 DoS 2012-07-03 2021-01-25
5.0
None Remote Low Not required None None Partial
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
26 CVE-2012-1147 20 DoS 2012-07-03 2021-01-25
4.3
None Remote Medium Not required None None Partial
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
27 CVE-2012-0876 400 DoS 2012-07-03 2022-08-05
4.3
None Remote Medium Not required None None Partial
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
Total number of vulnerabilities : 27   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.