CVE Vulnerabilities

CVE-2024-28757

Published: Mar 10, 2024 | Modified: May 01, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Affected Software

Name Vendor Start Version End Version
Red Hat Enterprise Linux 9 RedHat expat-0:2.5.0-1.el9_3.1 *
Red Hat Enterprise Linux 9 RedHat expat-0:2.5.0-1.el9_3.1 *
Red Hat Enterprise Linux 9.2 Extended Update Support RedHat expat-0:2.5.0-1.el9_2.1 *
Cadaver Ubuntu mantic *
Expat Ubuntu esm-infra-legacy/trusty *
Expat Ubuntu esm-infra/bionic *
Expat Ubuntu esm-infra/xenial *
Expat Ubuntu focal *
Expat Ubuntu jammy *
Expat Ubuntu mantic *
Expat Ubuntu trusty/esm *
Libxmltok Ubuntu devel *
Libxmltok Ubuntu esm-apps/bionic *
Libxmltok Ubuntu esm-apps/focal *
Libxmltok Ubuntu esm-apps/jammy *
Libxmltok Ubuntu esm-apps/noble *
Libxmltok Ubuntu esm-apps/xenial *
Libxmltok Ubuntu focal *
Libxmltok Ubuntu jammy *
Libxmltok Ubuntu mantic *
Libxmltok Ubuntu noble *
Matanza Ubuntu mantic *
Swish-e Ubuntu mantic *
Tdom Ubuntu mantic *
Wbxml2 Ubuntu mantic *
Xmlrpc-c Ubuntu mantic *

References