libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Uncontrolled Resource Consumption
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/expat | deb | debian | 12 | >=2.5.0-1 | Not yet available |
debian/expat | deb | debian | 13 | <2.6.0-1 | 2.6.0-1 |
debian/expat | deb | debian | 10 | <2.2.6-2+deb10u7 | 2.2.6-2+deb10u7 |
debian/expat | deb | debian | 11 | >=2.2.10-2+deb11u5 | Not yet available |
debian/expat | deb | debian | unstable | <2.6.0-1 | 2.6.0-1 |
Severity and metrics
No CVSS data available from this source.