CVE-2023-52425: Uncontrolled Resource Consumption in Project Libexpat

Severity: 7.5 HIGH (NVD)
EPSS: 1.6% (top 18.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 4
Latest update: Jul 15

Description

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

Vulnerability Details (4)

OSV: expat vulnerabilities (2024-03-14)
GHSA: GHSA-gh68-jm46-84rf: libexpat through 2 (2024-02-04)
OSV: CVE-2023-52425: libexpat through 2 (2024-02-04)
CVEList: CVE-2023-52425: libexpat through 2 (2024-02-04)

Vendor Advisories (5)

Oracle: Oracle Communications Risk Matrix: Automated Test Suite Framework (LibExpat) — CVE-2023-52425 (2024-07-15)
Ubuntu: Expat vulnerabilities (2024-03-14)
Microsoft: libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. (2024-02-13)
Red Hat: expat: parsing large tokens can trigger a denial of service (2024-02-04)
Debian: CVE-2023-52425: expat - libexpat through 2.5.0 allows a denial of service (resource consumption) because... (2023)

Threat Intelligence (1)

Huntress: CVE-2023-52425 (libexpat DoS) Vulnerability: Analysis & Detection | Huntress