FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-06-24 08:54:37 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8f71ad3b-14f5-11f0-87ba-002590c1f29c	expat: improper restriction of xml entity expansion depth secalert@redhat.com reports: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. Discovery 2025-03-14 Entry 2025-04-09 expat < 2.7.0 CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176
ca5f3bbc-7a62-11ef-9533-f875a43e1796	expat -- multiple vulnerabilities libexpat reports: CVE-2024-45490: Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution. CVE-2024-45491: Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. CVE-2024-45492: Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution. Discovery 2024-09-24 Entry 2024-09-24 expat < 2.6.3 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 https://github.com/libexpat/libexpat/blob/master/expat/Changes

VuXML ID

Description

8f71ad3b-14f5-11f0-87ba-002590c1f29c

expat: improper restriction of xml entity expansion depth

secalert@redhat.com reports:

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Discovery 2025-03-14
Entry 2025-04-09
expat

< 2.7.0

CVE-2024-8176
https://nvd.nist.gov/vuln/detail/CVE-2024-8176

ca5f3bbc-7a62-11ef-9533-f875a43e1796

expat -- multiple vulnerabilities

libexpat reports:

CVE-2024-45490: Calling function XML_ParseBuffer with len < 0 without noticing and then calling XML_GetBuffer will have XML_ParseBuffer fail to recognize the problem and XML_GetBuffer corrupt memory. With the fix, XML_ParseBuffer now complains with error XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse has been doing since Expat 2.2.1, and now documented. Impact is denial of service to potentially artitrary code execution.

CVE-2024-45491: Internal function dtdCopy can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution.

CVE-2024-45492: Internal function nextScaffoldPart can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Impact is denial of service to potentially artitrary code execution.

Discovery 2024-09-24
Entry 2024-09-24
expat

< 2.6.3

CVE-2024-45490
CVE-2024-45491
CVE-2024-45492
https://github.com/libexpat/libexpat/blob/master/expat/Changes