
update: expat

Open · dongsupark opened this issue 1 year ago · 1 comment

Name: expat
CVEs: CVE-2023-52425
CVSSs: 7.5, tbd
Action Needed: update to >= 2.6.2

Summary:

  • CVE-2023-52425: libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
  • CVE-2024-28757: vulnerable to billion laughs attacks with isolated use of external parsers

refmap.gentoo: https://bugs.gentoo.org/923951, https://bugs.gentoo.org/926786

dongsupark · Feb 07 '24 14:02
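As an added example (not code from the Flatcar issue or from the expat project), the two checks a practitioner would want around the "update to >= 2.6.2" action above: first, comparing the libexpat linked into a Python runtime (reported by pyexpat.EXPAT_VERSION as e.g. "expat_2.5.0") against the fixed release; second, a handler-based amplification guard for the nested-entity ("billion laughs") pattern, which stops the parse once internal-entity expansion delivers more character data than a chosen multiple of the input size. The 2.6.2 minimum comes from the issue; the sample documents, the build_laughs_document helper and the 20x threshold are assumptions made here for illustration.

```python
"""Added example: version check and an entity-amplification guard for
libexpat via pyexpat. Not code from the Flatcar issue or from expat.

The fixed version (2.6.2) is taken from the issue; the sample documents
and the amplification threshold are constructed here for illustration.
"""
import re
import pyexpat

FIXED_VERSION = (2, 6, 2)  # from the issue's "Action Needed" line


def parse_expat_version(version_string):
    """Turn a string such as 'expat_2.5.0' into the tuple (2, 5, 0)."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if match is None:
        raise ValueError("unrecognised expat version string: %r" % version_string)
    return tuple(int(part) for part in match.groups())


def needs_update(version, fixed=FIXED_VERSION):
    """True when `version` is older than the fixed release."""
    return tuple(version) < tuple(fixed)


def linked_expat_needs_update():
    """Check the libexpat this interpreter's pyexpat module is linked against."""
    return needs_update(parse_expat_version(pyexpat.EXPAT_VERSION))


class AmplificationExceeded(Exception):
    """Raised when entity expansion produces more output than the budget allows."""


def parse_with_amplification_limit(document, max_amplification=20.0):
    """Parse `document` (bytes) with pyexpat and return the number of
    character-data bytes delivered to the handler.

    Internal general entities referenced in element content are expanded by
    expat and reported as character data, so the delivered byte count is a
    direct measure of entity amplification. The parse is stopped as soon as
    it exceeds `max_amplification` times the input size (threshold is an
    assumption for this example).
    """
    budget = max_amplification * max(len(document), 1)
    delivered = 0
    parser = pyexpat.ParserCreate()
    parser.buffer_text = False  # report chunks as expat produces them

    def on_character_data(data):
        nonlocal delivered
        delivered += len(data.encode("utf-8"))
        if delivered > budget:
            # pyexpat stops the parser and re-raises handler exceptions from
            # Parse(), so the expansion does not run to completion.
            raise AmplificationExceeded(
                "entity expansion delivered %d bytes for a %d-byte input"
                % (delivered, len(document))
            )

    parser.CharacterDataHandler = on_character_data
    parser.Parse(document, True)
    return delivered


def build_laughs_document(depth, fanout=10):
    """Constructed test input: each entity lolN references lol(N-1) `fanout`
    times, so the root reference expands to fanout**depth copies of 'lol'."""
    decls = ['<!ENTITY lol "lol">']
    for i in range(1, depth + 1):
        prev = "lol" if i == 1 else "lol%d" % (i - 1)
        decls.append('<!ENTITY lol%d "%s">' % (i, ("&%s;" % prev) * fanout))
    xml = '<?xml version="1.0"?><!DOCTYPE lolz [%s]><lolz>&lol%d;</lolz>' % (
        "".join(decls), depth)
    return xml.encode("utf-8")


BENIGN_DOCUMENT = b'<?xml version="1.0"?><doc>hello</doc>'  # constructed


if __name__ == "__main__":
    print("linked expat:", pyexpat.EXPAT_VERSION,
          "needs update" if linked_expat_needs_update() else "ok")
    print("benign document delivered",
          parse_with_amplification_limit(BENIGN_DOCUMENT), "bytes")
    print("depth-3 laughs delivered",
          parse_with_amplification_limit(build_laughs_document(3)), "bytes")
    try:
        parse_with_amplification_limit(build_laughs_document(4))
    except AmplificationExceeded as exc:
        print("depth-4 laughs aborted:", exc)
```

The depth-3 document (298 bytes) expands to 3000 bytes of character data, about 10x, and is accepted; the depth-4 document expands to 30000 bytes from 375, and the guard aborts it well before completion. Note that this guard only measures internal entities expanded in content; the external-parser case named in CVE-2024-28757 goes through XML_ExternalEntityParserCreate and is not exercised here, which is why the version check against 2.6.2 remains the primary action.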

Added CVE-2024-28757

tormath1 · Mar 12 '24 08:03