Recursive XML Entity Expansion Vulnerability
CVE-2023-52426

5.5MEDIUM

Key Information:

Vendor: libexpat
Status: Libexpat
Vendor: CVE Published:; 4 February 2024

🔔 Create libexpat Vulnerability Alert

What is CVE-2023-52426?

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

References

https://github.com/libexpat/libexpat/pull/777

https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e...

https://cwe.mitre.org/data/definitions/776.html

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 4, 2024
Vulnerability Reserved
Feb 4, 2024

.