pkg:Alpine/expat
38 CVEs in total: CRITICAL 10, HIGH 20, MEDIUM 7, LOW 1
All known vulnerabilities
- from 0, < 2.6.3-r0
- from 0, < 2.6.3-r0
- CRITICAL 9.8 CVE-2022-25315: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. (from 0, < 2.2.10-r2)
- CRITICAL 9.8 CVE-2022-25236: xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. (from 0, < 2.2.10-r2)
- from 0, < 2.2.10-r2
- from 0, < 2.2.10-r1
- CRITICAL 9.8 CVE-2022-22824: defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (from 0, < 2.2.10-r0)
- CRITICAL 9.8 CVE-2022-22823: build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (from 0, < 2.2.10-r0)
- CRITICAL 9.8 CVE-2022-22822: addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (from 0, < 2.2.10-r0)
- from 0, < 2.1.1-r1
- HIGH 8.8 CVE-2022-22827: storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (from 0, < 2.2.10-r0)
- HIGH 8.8 CVE-2022-22826: nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (from 0, < 2.2.10-r0)
- HIGH 8.8 CVE-2022-22825: lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (from 0, < 2.2.10-r0)
- from 0, < 2.2.10-r0
- from 0, < 2.2.10-r7
- HIGH 8.1 CVE-2016-4472: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denia… (from 0, < 2.1.1-r2)
- HIGH 7.8 CVE-2026-25210: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow c… (from 0, < 2.7.4-r0)
- HIGH 7.8 CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (from 0, < 2.2.10-r0)
- from 0, < 2.7.2-r0
- HIGH 7.5 CVE-2024-8176: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. (from 0, < 2.7.0-r0)
- from 0, < 2.6.3-r0
- HIGH 7.5 CVE-2024-28757: libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntity… (from 0, < 2.6.2-r0)
- from 0, < 2.6.0-r0
- from 0, < 2.2.10-r8
- HIGH 7.5 CVE-2022-25314: In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. (from 0, < 2.2.10-r2)
- HIGH 7.5 CVE-2022-23990: Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (from 0, < 2.2.10-r1)
- from 0, < 2.2.7-r1
- from 0, < 2.2.7-r0
- from 0, < 2.2.0-r1
- HIGH 7.5 CVE-2016-5300: The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial… (from 0, < 2.2.0-r0)
- MEDIUM 6.5 CVE-2022-25313: In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. (from 0, < 2.2.10-r2)
- from 0, < 2.6.4-r0
- from 0, < 2.2.0-r0
- MEDIUM 5.5 CVE-2026-32778: libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. (from 0, < 2.7.5-r0)
- from 0, < 2.7.5-r0
- MEDIUM 5.5 CVE-2026-32776: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. (from 0, < 2.7.5-r0)
- MEDIUM 5.5 CVE-2023-52426: libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. (from 0, < 2.6.0-r0)
- LOW 2.5 CVE-2026-24515: In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. (from 0, < 2.7.4-r0)