CVE-2022-25313

Public on 2022-02-18

Modified on 2024-02-07

Description

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Severity

Medium

See what this means

CVSS v3 Base Score

6.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 2 - Core	expat	2023-10-05	ALAS2-2023-2280	Fixed
Amazon Linux 2023	expat	2023-03-22	ALAS2023-2023-058	Fixed