Updated: 2025-11-10 02:14:47.597145
Description:
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | expat | 2.5.0 | 7.5 | HIGH | Released | CLSA-2024:1725650114 | 2024-09-06 17:23:21 | |
| CentOS 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2024:1725993966 | 2024-09-20 03:40:03 | |
| CentOS 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Released | CLSA-2024:1726608591 | 2024-09-26 12:39:42 | |
| CentOS 8.4 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2024:1726163032 | 2024-09-12 14:22:57 | |
| CentOS 8.5 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2024:1726163048 | 2024-09-12 14:22:56 | |
| CentOS Stream 8 ELS | expat | 2.2.5 | 7.5 | HIGH | Released | CLSA-2024:1726163202 | 2024-09-12 14:22:54 | |
| CloudLinux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2024:1725993990 | 2024-09-23 12:23:47 | |
| CloudLinux 7 ELS | expat | 2.1.0 | 7.5 | HIGH | Released | CLSA-2024:1726608613 | 2024-09-26 12:39:42 | |
| Debian 10 ELS | expat | 2.2.6 | 7.5 | HIGH | Released | CLSA-2025:1761902260 | 2025-10-31 12:09:08 | |
| Oracle Linux 6 ELS | expat | 2.0.1 | 7.5 | HIGH | Released | CLSA-2024:1725993841 | 2024-09-10 17:22:38 |