Sign In

CVE-2023-52425

SOURCE - nist

Summary

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

EPSS Score: 0.00057 (0.231)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-400

Uncontrolled Resource Consumption

SOURCE - redhat

CWE-400

Uncontrolled Resource Consumption

Sources (11)

Impacted images

debian

CREATED

UPDATED

SOURCE IDCVE-2023-52425
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE
PackageTypeOS NameOS VersionAffected RangesFix Versions
debian/expatdebdebian12>=2.5.0-1Not yet available
debian/expatdebdebian13<2.6.0-12.6.0-1
debian/expatdebdebian10<2.2.6-2+deb10u72.2.6-2+deb10u7
debian/expatdebdebian11>=2.2.10-2+deb11u5Not yet available
debian/expatdebdebianunstable<2.6.0-12.6.0-1

Severity and metrics

No CVSS data available from this source.

nist

CREATED

UPDATED

SOURCE IDCVE-2023-52425
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-400

CVSS SCORE

7.5high

alpine

CREATED

UPDATED

SOURCE IDCVE-2023-52425
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE

ubuntu

CREATED

UPDATED

SOURCE IDCVE-2023-52425
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

alma

CREATED

UPDATED

SOURCE IDALSA-2024:1530
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

alma

CREATED

UPDATED

SOURCE IDALSA-2024:1615
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

redhat

CREATED

UPDATED

SOURCE IDCVE-2023-52425
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-400

CVSS SCORE

5.3medium

rocky

CREATED

UPDATED

SOURCE IDRLSA-2024:1615
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

oracle

CREATED

UPDATED

SOURCE IDELSA-2024-1530
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

oracle

CREATED

UPDATED

SOURCE IDELSA-2024-1615
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

inthewild

CREATED

UPDATED

SOURCE IDCVE-2023-52425
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE