It was discovered that Expat could be made to consume large amounts of resources. If a user or automated system were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. (CVE-2023-52425, CVE-2024-28757)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchexpat< 2.6.2-1expat-2.6.2-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	expat	< 2.6.2-1	expat-2.6.2-1.mga9

References

bugs.mageia.org/show_bug.cgi?id=32970

ubuntu.com/security/notices/USN-6694-1

nessus 39

cloudfoundry 1

openvas 33

redhat 25

osv 7

oraclelinux 2

almalinux 2

ubuntu 1

slackware 3

githubexploit 3

cbl_mariner 4

ibm 24

f5 2

fedora 11

nvd 2

cvelist 2

ubuntucve 2

redos 1

veracode 2

aix 2

alpinelinux 2

redhatcve 2

debiancve 2

cve 2

rocky 1

debian 1

prion 1

photon 4

nessus

Ubuntu 22.04 LTS / 23.10 : Expat vulnerabilities (USN-6694-1)

2024-03-14 00:00:00

Oracle Linux 9 : expat (ELSA-2024-1530)

2024-03-27 00:00:00

RHEL 9 : expat (RHSA-2024:1530)

2024-03-26 00:00:00

cloudfoundry

USN-6694-1: Expat vulnerabilities | Cloud Foundry

2024-04-04 00:00:00

openvas

Mageia: Security Advisory (MGASA-2024-0072)

2024-03-19 00:00:00

openSUSE: Security Advisory for expat (SUSE-SU-2024:1129-1)

2024-04-09 00:00:00

Ubuntu: Security Advisory (USN-6694-1)

2024-03-15 00:00:00

redhat

(RHSA-2024:1530) Moderate: expat security update

2024-03-26 16:30:26

(RHSA-2024:2633) Important: updated rhceph-6.1 container image

2024-05-01 01:13:16

(RHSA-2024:1615) Moderate: expat security update

2024-04-02 17:25:56

osv

Moderate: expat security update

2024-03-26 00:00:00

expat vulnerabilities

2024-03-14 10:19:40

CVE-2024-28757

2024-03-10 05:15:06

oraclelinux

expat security update

2024-03-26 00:00:00

expat security update

2024-04-03 00:00:00

almalinux

Moderate: expat security update

2024-03-26 00:00:00

Moderate: expat security update

2024-04-02 00:00:00

ubuntu

Expat vulnerabilities

2024-03-14 00:00:00

slackware

[slackware-security] expat

2024-03-13 19:51:59

[slackware-security] expat

2024-02-07 20:13:19

[slackware-security] python3

2024-03-20 21:14:26

githubexploit

Exploit for CVE-2024-28757

2024-05-03 09:21:27

Exploit for CVE-2024-28757

2024-05-03 04:58:24

Exploit for CVE-2024-28757

2024-05-03 09:24:51

cbl_mariner

CVE-2024-28757 affecting package expat for versions less than 2.6.2-2

2024-04-09 20:48:36

CVE-2024-28757 affecting package expat for versions less than 2.6.2-1

2024-06-21 09:32:44

CVE-2023-52425 affecting package expat for versions less than 2.6.2-2

2024-04-09 20:48:36

ibm

Security Bulletin: AIX is affected by information disclosure due to Python (CVE-2024-28757)

2024-06-13 22:04:57

Security Bulletin: IBM® Db2® NSE (Net Search Extender) is affected by a vulnerability in the open source Expat library. (CVE-2024-28757)

2024-06-11 17:31:41

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libexpat [CVE-2023-52425]

2024-06-20 18:24:06

K000139637: Expat vulnerability CVE-2024-28757

2024-05-16 00:00:00

K000139630: Expat vulnerability CVE-2023-52425

2024-05-16 00:00:00

fedora

[SECURITY] Fedora 38 Update: mingw-expat-2.6.1-1.fc38

2024-03-19 02:00:28

[SECURITY] Fedora 39 Update: mingw-expat-2.6.1-1.fc39

2024-03-19 01:10:52

[SECURITY] Fedora 40 Update: mingw-expat-2.6.1-1.fc40

2024-03-23 00:50:46

nvd

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

cvelist

CVE-2024-28757

2024-03-10 00:00:00

CVE-2023-52425

2024-02-04 00:00:00

ubuntucve

CVE-2024-28757

2024-03-10 00:00:00

CVE-2023-52425

2024-02-04 00:00:00

redos

ROS-20240506-01

2024-05-06 00:00:00

veracode

XML Entity Expansion

2024-03-11 07:18:06

Denial Of Service

2024-02-11 08:46:00

aix

AIX is affected by information disclosure due to Python (CVE-2024-28757)

2024-06-13 15:37:38

AIX is affected by multiple vulnerabilities due to Python (CVE-2023-52425 CVE-2023-52426 CVE-2023-6597)

2024-04-11 15:29:16

alpinelinux

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

redhatcve

CVE-2024-28757

2024-03-10 10:10:35

CVE-2023-52425

2024-02-05 23:59:53

debiancve

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

cve

CVE-2024-28757

2024-03-10 05:15:06

CVE-2023-52425

2024-02-04 20:15:46

rocky

expat security update

2024-04-05 14:55:53

debian

[SECURITY] [DLA 3783-1] expat security update

2024-04-09 04:41:36

prion

Design/Logic Flaw

2024-02-04 20:15:00

photon

Important Photon OS Security Update - PHSA-2024-4.0-0582

2024-03-22 00:00:00

Important Photon OS Security Update - PHSA-2024-5.0-0229

2024-03-22 00:00:00

Important Photon OS Security Update - PHSA-2024-4.0-0581

2024-03-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.2%

JSON

Related for MGASA-2024-0072