PT-2024-1782 · Python+13

Snild-Sony · Published 2024-02-04 · Updated 2026-02-13 · CVE-2023-52425

CVSS v2.0: 7.8 High (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Name of the Vulnerable Software and Affected Versions

libexpat versions 2.5.0 and earlier

Description

The issue is uncontrolled resource consumption in libexpat, a library used for XML parsing. A remote attacker can exploit it to cause a denial of service. The vulnerability arises when a large token requires multiple buffer fills, leading to many full reparsings.

Recommendations

For libexpat versions 2.5.0 and earlier, update libexpat to version 2.6 or later to resolve the issue. Alternatively, on systems where Python is used, update Python to version 3.13 or later, which includes the updated libexpat library.

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2024:1530
ALSA-2024:1615
ALSA-2024:4259
ALT-PU-2024-17539
BDU:2024-01514
CESA-2024_1615
CESA-2024_4259
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2023-52425
DLA-3783-1
DLA-3893-1
ECHO-1ADA-03B1-9C53
INFSA-2024_4259
MGASA-2024-0072
OESA-2024-1741
OPENSUSE-SU-2024:13695-1
OPENSUSE-SU-2024:13790-1
OPENSUSE-SU-2024:13799-1
OPENSUSE-SU-2024:13800-1
OPENSUSE-SU-2024:13883-1
OPENSUSE-SU-2024:13892-1
OPENSUSE-SU-2024:13955-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2024_1129-1
OPENSUSE-SU-2024_1162-1
OPENSUSE-SU-2024_1698-1
OPENSUSE-SU-2024_1862-1
OPENSUSE-SU-2025:15212-1
OPENSUSE-SU-2025:15713-1
RHSA-2024:1530
RHSA-2024:1615
RHSA-2024:2575
RHSA-2024:2839
RHSA-2024:3926
RHSA-2024:4259
RHSA-2024_1530
RHSA-2024_1615
RHSA-2024_4259
RLSA-2024:1615
ROSA-SA-2025-2563
ROSA-SA-2025-2564
ROSA-SA-2025-2604
SUSE-SU-2024:1009-1
SUSE-SU-2024:1129-1
SUSE-SU-2024:1129-2
SUSE-SU-2024:1162-1
SUSE-SU-2024:1556-1
SUSE-SU-2024:1657-1
SUSE-SU-2024:1667-1
SUSE-SU-2024:1698-1
SUSE-SU-2024:1774-1
SUSE-SU-2024:1847-1
SUSE-SU-2024:1862-1
SUSE-SU-2024:2479-1
SUSE-SU-2024:3004-1
SUSE-SU-2024_1009-1
SUSE-SU-2024_1129-1
SUSE-SU-2024_1162-1
SUSE-SU-2024_1556-1
SUSE-SU-2024_1657-1
SUSE-SU-2024_1774-1
SUSE-SU-2024_2479-1
SUSE-SU-2024_3004-1
SUSE-SU-2025:20025-1
SUSE-SU-2025:20154-1
SUSE-SU-2025:20207-1
SUSE-SU-2025:20311-1
SUSE-SU-2025:20374-1
USN-6694-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Python
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libexpat