4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.006 Low
EPSS
Percentile
79.4%
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.
Author | Note |
---|---|
sbeattie | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) |
leosilva | from version 2.4.5-2 is known that fix for CVE-2022-25313 caused a regression so additional patches are needed. |
rodrigo-zaiden | libxmltok does not include build_model so, it is not affected. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | ayttm | < any | UNKNOWN |
ubuntu | 16.04 | noarch | cableswig | < any | UNKNOWN |
ubuntu | 18.04 | noarch | cadaver | < any | UNKNOWN |
ubuntu | 20.04 | noarch | cadaver | < any | UNKNOWN |
ubuntu | 22.04 | noarch | cadaver | < any | UNKNOWN |
ubuntu | 23.10 | noarch | cadaver | < any | UNKNOWN |
ubuntu | 24.04 | noarch | cadaver | < any | UNKNOWN |
ubuntu | 16.04 | noarch | cadaver | < any | UNKNOWN |
ubuntu | 18.04 | noarch | coin3 | < any | UNKNOWN |
ubuntu | 14.04 | noarch | coin3 | < any | UNKNOWN |
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.006 Low
EPSS
Percentile
79.4%