OESA-2025-2564
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-2564
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2025-2564.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2025-2564
- Upstream
- Published
- 2025-10-31T14:13:03Z
- Modified
- 2025-10-31T18:49:49.719106Z
- Summary
- expat security update
- Details
-
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial.
Security Fix(es):
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.(CVE-2024-8176)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS / expat
Package
- Name
- expat
- Purl
- pkg:rpm/openEuler/expat&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.5.0-12.oe2403
Ecosystem specific
{
"x86_64": [
"expat-2.5.0-12.oe2403.x86_64.rpm",
"expat-debuginfo-2.5.0-12.oe2403.x86_64.rpm",
"expat-debugsource-2.5.0-12.oe2403.x86_64.rpm",
"expat-devel-2.5.0-12.oe2403.x86_64.rpm"
],
"aarch64": [
"expat-2.5.0-12.oe2403.aarch64.rpm",
"expat-debuginfo-2.5.0-12.oe2403.aarch64.rpm",
"expat-debugsource-2.5.0-12.oe2403.aarch64.rpm",
"expat-devel-2.5.0-12.oe2403.aarch64.rpm"
],
"noarch": [
"expat-help-2.5.0-12.oe2403.noarch.rpm"
],
"src": [
"expat-2.5.0-12.oe2403.src.rpm"
]
}