Debian Libxmltok vulnerabilities

41 known vulnerabilities affecting debian/libxmltok.

Total CVEs

41

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL11HIGH14MEDIUM8LOW8

Vulnerabilities

Page 1 of 3

CVE-2024-45492CRITICALCVSS 9.8fixed in expat 2.5.0-1+deb12u1 (bookworm)2024

CVE-2024-45492 [CRITICAL] CVE-2024-45492: expat - An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c... An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Scope: local bookworm: resolved (fixed in 2.5.0-1+deb12u1) bullseye: resolved (fixed in 2.2.10-2+deb11u6) forky: resolved (fixed in 2.6.2-2) sid: resolved (fixed in 2.6.2-2) trixie: reso

CVE-2024-45491CRITICALCVSS 9.8fixed in expat 2.5.0-1+deb12u1 (bookworm)2024

CVE-2024-45491 [CRITICAL] CVE-2024-45491: expat - An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have... An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Scope: local bookworm: resolved (fixed in 2.5.0-1+deb12u1) bullseye: resolved (fixed in 2.2.10-2+deb11u6) forky: resolved (fixed in 2.6.2-2) sid: resolved (fixed in 2.6.2-2) trixie: resolved (fi

CVE-2024-8176HIGHCVSS 7.5fixed in expat 2.5.0-1+deb12u2 (bookworm)2024

CVE-2024-8176 [HIGH] CVE-2024-8176: expat - A stack overflow vulnerability exists in the libexpat library due to the way it ... A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploita

CVE-2024-45490HIGHCVSS 7.5fixed in expat 2.5.0-1+deb12u1 (bookworm)2024

CVE-2024-45490 [HIGH] CVE-2024-45490: expat - An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a n... An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Scope: local bookworm: resolved (fixed in 2.5.0-1+deb12u1) bullseye: resolved (fixed in 2.2.10-2+deb11u6) forky: resolved (fixed in 2.6.2-2) sid: resolved (fixed in 2.6.2-2) trixie: resolved (fixed in 2.6.2-2)

CVE-2024-50602MEDIUMCVSS 5.9fixed in expat 2.5.0-1+deb12u2 (bookworm)2024

CVE-2024-50602 [MEDIUM] CVE-2024-50602: expat - An issue was discovered in libexpat before 2.6.4. There is a crash within the XM... An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. Scope: local bookworm: resolved (fixed in 2.5.0-1+deb12u2) bullseye: resolved (fixed in 2.2.10-2+deb11u7) forky: resolved (fixed in 2.6.3-2) sid: resolved (fixed in 2.6.3-2) trixie: resolved (fixed in 2.

CVE-2024-28757LOWCVSS 7.5fixed in expat 2.6.1-2 (forky)2024

CVE-2024-28757 [HIGH] CVE-2024-28757: expat - libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isola... libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2.6.1-2) sid: resolved (fixed in 2.6.1-2) trixie: resolved (fixed in 2.6.1-2)

CVE-2023-52425HIGHCVSS 7.5fixed in expat 2.5.0-1+deb12u2 (bookworm)2023

CVE-2023-52425 [HIGH] CVE-2023-52425: expat - libexpat through 2.5.0 allows a denial of service (resource consumption) because... libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. Scope: local bookworm: resolved (fixed in 2.5.0-1+deb12u2) bullseye: resolved (fixed in 2.2.10-2+deb11u6) forky: resolved (fixed in 2.6.0-1) sid: resolved (fixed in 2.6.0-1) trixie:

CVE-2023-52426LOWCVSS 5.5fixed in expat 2.6.0-1 (forky)2023

CVE-2023-52426 [MEDIUM] CVE-2023-52426: expat - libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undef... libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 2.6.0-1) sid: resolved (fixed in 2.6.0-1) trixie: resolved (fixed in 2.6.0-1)

CVE-2022-22822CRITICALCVSS 9.8fixed in expat 2.4.3-1 (bookworm)2022

CVE-2022-22822 [CRITICAL] CVE-2022-22822: expat - addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer ove... addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Scope: local bookworm: resolved (fixed in 2.4.3-1) bullseye: resolved (fixed in 2.2.10-2+deb11u1) forky: resolved (fixed in 2.4.3-1) sid: resolved (fixed in 2.4.3-1) trixie: resolved (fixed in 2.4.3-1)

CVE-2022-25315CRITICALCVSS 9.8fixed in expat 2.4.5-1 (bookworm)2022

CVE-2022-25315 [CRITICAL] CVE-2022-25315: expat - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNa... In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.2.10-2+deb11u2) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5-1)

CVE-2022-25235CRITICALCVSS 9.8fixed in expat 2.4.5-1 (bookworm)2022

CVE-2022-25235 [CRITICAL] CVE-2022-25235: expat - xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of e... xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.2.10-2+deb11u2) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5-1)

CVE-2022-22823CRITICALCVSS 9.8fixed in expat 2.4.3-1 (bookworm)2022

CVE-2022-22823 [CRITICAL] CVE-2022-22823: expat - build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer ov... build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Scope: local bookworm: resolved (fixed in 2.4.3-1) bullseye: resolved (fixed in 2.2.10-2+deb11u1) forky: resolved (fixed in 2.4.3-1) sid: resolved (fixed in 2.4.3-1) trixie: resolved (fixed in 2.4.3-1)

CVE-2022-23852CRITICALCVSS 9.8fixed in expat 2.4.3-2 (bookworm)2022

CVE-2022-23852 [CRITICAL] CVE-2022-23852: expat - Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer... Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. Scope: local bookworm: resolved (fixed in 2.4.3-2) bullseye: resolved (fixed in 2.2.10-2+deb11u1) forky: resolved (fixed in 2.4.3-2) sid: resolved (fixed in 2.4.3-2) trixie: resolved (fixed in 2.4.3-2)

CVE-2022-25236CRITICALCVSS 9.8fixed in expat 2.4.5-1 (bookworm)2022

CVE-2022-25236 [CRITICAL] CVE-2022-25236: expat - xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert names... xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.2.10-2+deb11u2) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5-1)

CVE-2022-22824CRITICALCVSS 9.8fixed in expat 2.4.3-1 (bookworm)2022

CVE-2022-22824 [CRITICAL] CVE-2022-22824: expat - defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an intege... defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Scope: local bookworm: resolved (fixed in 2.4.3-1) bullseye: resolved (fixed in 2.2.10-2+deb11u1) forky: resolved (fixed in 2.4.3-1) sid: resolved (fixed in 2.4.3-1) trixie: resolved (fixed in 2.4.3-1)

CVE-2022-22825HIGHCVSS 8.8fixed in expat 2.4.3-1 (bookworm)2022

CVE-2022-22825 [HIGH] CVE-2022-22825: expat - lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflo... lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Scope: local bookworm: resolved (fixed in 2.4.3-1) bullseye: resolved (fixed in 2.2.10-2+deb11u1) forky: resolved (fixed in 2.4.3-1) sid: resolved (fixed in 2.4.3-1) trixie: resolved (fixed in 2.4.3-1)

CVE-2022-22826HIGHCVSS 8.8fixed in expat 2.4.3-1 (bookworm)2022

CVE-2022-22826 [HIGH] CVE-2022-22826: expat - nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ... nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Scope: local bookworm: resolved (fixed in 2.4.3-1) bullseye: resolved (fixed in 2.2.10-2+deb11u1) forky: resolved (fixed in 2.4.3-1) sid: resolved (fixed in 2.4.3-1) trixie: resolved (fixed in 2.4.3-1)

CVE-2022-40674HIGHCVSS 8.1fixed in expat 2.4.8-2 (bookworm)2022

CVE-2022-40674 [HIGH] CVE-2022-40674: expat - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse... libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Scope: local bookworm: resolved (fixed in 2.4.8-2) bullseye: resolved (fixed in 2.2.10-2+deb11u4) forky: resolved (fixed in 2.4.8-2) sid: resolved (fixed in 2.4.8-2) trixie: resolved (fixed in 2.4.8-2)

CVE-2022-22827HIGHCVSS 8.8fixed in expat 2.4.3-1 (bookworm)2022

CVE-2022-22827 [HIGH] CVE-2022-22827: expat - storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer over... storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. Scope: local bookworm: resolved (fixed in 2.4.3-1) bullseye: resolved (fixed in 2.2.10-2+deb11u1) forky: resolved (fixed in 2.4.3-1) sid: resolved (fixed in 2.4.3-1) trixie: resolved (fixed in 2.4.3-1)

CVE-2022-25314HIGHCVSS 7.5fixed in expat 2.4.5-1 (bookworm)2022

CVE-2022-25314 [HIGH] CVE-2022-25314: expat - In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString... In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. Scope: local bookworm: resolved (fixed in 2.4.5-1) bullseye: resolved (fixed in 2.2.10-2+deb11u2) forky: resolved (fixed in 2.4.5-1) sid: resolved (fixed in 2.4.5-1) trixie: resolved (fixed in 2.4.5-1)