CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

Configurations

Configuration 1

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

History

07 Mar 2024, 17:15

Type Values Removed Values Added
References
  • https://security.netapp.com/advisory/ntap-20240307-0005/

26 Feb 2024, 16:27

Type Values Removed Values Added
References
  • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/
  • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/

09 Feb 2024, 02:02

Type Values Removed Values Added
CPE cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Summary
  • (es) libexpat through 2.5.0 allows recursive XML entity expansion if XML_DTD is not defined at compile time.
References
  • Removed: https://cwe.mitre.org/data/definitions/776.html
  • Added: https://cwe.mitre.org/data/definitions/776.html - Technical Description
References
  • Removed: https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404
  • Added: https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404 - Patch, Vendor Advisory
References
  • Removed: https://github.com/libexpat/libexpat/pull/777
  • Added: https://github.com/libexpat/libexpat/pull/777 - Vendor Advisory
CVSS
  • Removed: v2 : unknown, v3 : unknown
  • Added: v2 : unknown, v3 : 5.5
CWE CWE-776
First Time Libexpat Project libexpat
Libexpat Project

04 Feb 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-04 20:15

Updated : 2024-03-07 17:15


NVD link : CVE-2023-52426

Mitre link : CVE-2023-52426

CVE.ORG link : CVE-2023-52426



Products Affected

libexpat_project

  • libexpat

CWE
CWE-776

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')