CLSA-2026-1776441769
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/rhel7els/CLSA-2026-1776441769.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2026-1776441769
- Upstream
- Published
- 2026-04-20T09:17:20Z
- Modified
- 2026-05-27T11:33:58.482917859Z
- Summary
- expat: Fix of 4 CVEs
- Details
-
- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor and entityValueProcessor
- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of large tokens in small buffer refills; fix buffer growth calculation
- CVE-2013-0340: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
- CVE-2024-28757: add billion laughs (entity expansion bomb) attack protection with amplification limit (100x max, 8 MiB activation threshold); includes fix for isolated external parser bypass (CVE-2024-28757)
- References
Affected packages
TuxCare:RHEL:7 / expat
Package
- Name
- expat
- Purl
- pkg:rpm/tuxcare/expat?distro=rhel-7
TuxCare:RHEL:7 / expat-devel
Package
- Name
- expat-devel
- Purl
- pkg:rpm/tuxcare/expat-devel?distro=rhel-7