CVE-2023-52425

Published: Feb 4, 2024Modified: Nov 4, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Affected (1)

Products: Libexpat Project: Libexpat

Libexpat Project

1 product

Libexpat

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libexpat Project Libexpat	Up to 2.5.0

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (14)

http://www.openwall.com/lists/oss-security/2024/03/20/5

Source: cve@mitre.org

https://github.com/libexpat/libexpat/pull/789

Source: cve@mitre.org

ExploitVendor Advisory

https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20240614-0003/

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2024/03/20/5