CVE-2023-52425

Updated: 2024-08-26 21:37:10.036468

Description:

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | expat | 2.5.0 | 7.5 | HIGH | Released | CLSA-2024:1714065693 | 2024-04-25 21:43:16 |
| CentOS 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Ignored | | 2024-03-27 14:09:26 |
| CentOS 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Ignored | | 2024-03-27 14:09:22 |
| CentOS 8.4 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2024:1714727652 | 2024-05-03 10:00:34 |
| CentOS 8.5 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2024:1714727824 | 2024-05-03 10:00:34 |
| CentOS Stream 8 ELS | expat | 2.2.5 | 7.5 | HIGH | Already Fixed | | 2024-07-05 10:14:05 |
| CloudLinux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Ignored | | 2024-03-27 14:09:26 |
| Oracle Linux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Ignored | | 2024-03-27 14:09:25 |
| Ubuntu 16.04 ELS | expat | 2.1.0 | 7.5 | HIGH | Ignored | | 2024-03-19 17:10:17 |
| Ubuntu 18.04 ELS | expat | 2.2.5-3 | 7.5 | HIGH | Ignored | | 2024-03-19 17:10:17 |

Statement

We have decided not to port the fix for this CVE, following the upstream recommendation not to do so. The fixes are tied to new functionality that is absent in older versions.