CVE-2024-28757

Name
CVE-2024-28757
Description
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/libexpat/libexpat/issues/839
cve@mitre.org https://github.com/libexpat/libexpat/pull/842
vendor-advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/
vendor-advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/
cve@mitre.org https://security.netapp.com/advisory/ntap-20240322-0001/
vendor-advisory https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/
mailing-list http://www.openwall.com/lists/oss-security/2024/03/15/1

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
expat 3.16-main 2.6.2-r0 Carlo Landmeter <clandmeter@alpinelinux.org> fixed