Skip to content

update: expat #1686

New issue
New issue
Closed
flatcar/scripts
#2750
Closed
update: expat#1686
flatcar/scripts
#2750
Labels
advisorysecurity advisorycvss/HIGH> 7 && < 9 assessed CVSSsecuritysecurity concerns
@dongsupark

Description

@dongsupark
dongsupark
opened on Mar 14, 2025

Name: expat
CVEs: CVE-2024-8176
CVSSs: 7.5
Action Needed: update to >= 2.7.0

Summary: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

refmap.gentoo: https://bugs.gentoo.org/951316

Metadata

Metadata

Assignees

No one assigned

    Labels

    advisorysecurity advisorycvss/HIGH> 7 && < 9 assessed CVSSsecuritysecurity concerns

    Type

    No type

    Projects

    Flatcar tactical, release planning, and roadmap

    Status

    Implemented

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions