PT-2024-3924 · Libexpat+5

Published 2024-02-04 · Updated 2026-04-01 · CVE-2023-52426

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: libexpat versions through 2.5.0
Description: The issue stems from an incorrect limitation of recursive references to entities in a DTD, which can lead to a denial of service. Recursive XML entity expansion becomes possible when the XML_DTD compile-time macro is undefined when libexpat is built.
Recommendations: For libexpat versions through 2.5.0, consider building with the XML_DTD compile-time macro defined to prevent recursive XML entity expansion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Tags: DoS · XML Entity Expansion


Weakness Enumeration

Related Identifiers

ALT-PU-2024-17539
AZL-34208
AZL-34684
BDU:2024-04334
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2023-52426
ECHO-3235-462B-0D89
OESA-2024-1379
OPENSUSE-SU-2024:13695-1
ROSA-SA-2025-2604
SUSE-SU-2025:20207-1
SUSE-SU-2025:20311-1

Affected Products

ALT Linux
Astra Linux
Debian
IBM AIX
RED OS
libexpat