Libexpat: expat: improper restriction of XML entity expansion depth in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
Affected products
- *
- <2.7.0
- *
- *
- *
- *
- *
- *
- *
Matching in nixpkgs
pkgs.hexpatch
Binary patcher and editor written in Rust with a terminal user interface
- nixos-unstable -
- nixpkgs-unstable 1.12.3
pkgs.xmlrpc_c
Lightweight RPC library based on XML and HTTP
- nixos-unstable -
- nixpkgs-unstable 1.60.05
pkgs.firefoxpwa
Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)
- nixos-unstable -
- nixpkgs-unstable 2.15.0
pkgs.faust2firefox
The faust2firefox script, part of faust functional programming language for realtime audio signal processing
- nixos-unstable -
- nixpkgs-unstable 2.79.3
pkgs.firefox_decrypt
Tool to extract passwords from profiles of Mozilla Firefox and derivates
- nixos-unstable -
- nixpkgs-unstable 1.1.1
pkgs.firefox-unwrapped
Web browser built from Firefox source tree
- nixos-unstable -
- nixpkgs-unstable 142.0.1
pkgs.firefox-sync-client
Commandline-utility to list/view/edit/delete entries in a firefox-sync account
- nixos-unstable -
- nixpkgs-unstable 1.9.0
pkgs.luaPackages.luaexpat
XML Expat parsing
- nixos-unstable -
- nixpkgs-unstable 1.4.1-1
pkgs.firefox-esr-unwrapped
Web browser built from Firefox source tree
- nixos-unstable -
- nixpkgs-unstable 140.2.0esr
pkgs.firefox-beta-unwrapped
Web browser built from Firefox Beta Release source tree
- nixos-unstable -
- nixpkgs-unstable 144.0b1
pkgs.haskellPackages.hexpat
XML parser/formatter based on expat
- nixos-unstable -
- nixpkgs-unstable 0.20.13
pkgs.lua51Packages.luaexpat
XML Expat parsing
- nixos-unstable -
- nixpkgs-unstable 1.4.1-1
pkgs.lua52Packages.luaexpat
XML Expat parsing
- nixos-unstable -
- nixpkgs-unstable 1.4.1-1
pkgs.lua53Packages.luaexpat
XML Expat parsing
- nixos-unstable -
- nixpkgs-unstable 1.4.1-1
pkgs.lua54Packages.luaexpat
XML Expat parsing
- nixos-unstable -
- nixpkgs-unstable 1.4.1-1
pkgs.luajitPackages.luaexpat
XML Expat parsing
- nixos-unstable -
- nixpkgs-unstable 1.4.1-1
pkgs.haskellPackages.hxt-expat
Expat parser for HXT
- nixos-unstable -
- nixpkgs-unstable 9.1.1
pkgs.firefox-devedition-unwrapped
Web browser built from Firefox Developer Edition source tree
- nixos-unstable -
- nixpkgs-unstable 144.0b1
pkgs.haskellPackages.hexpat-pickle
XML picklers based on hexpat, source-code-similar to those of the HXT package
- nixos-unstable -
- nixpkgs-unstable 0.6
pkgs.gnomeExtensions.firefox-profiles
Easily launch Firefox with your favorite profile right from the indicator menu!
- nixos-unstable -
- nixpkgs-unstable 4
pkgs.chickenPackages_5.chickenEggs.expat
An interface to James Clark's Expat XML parser
- nixos-unstable -
- nixpkgs-unstable 2.2
pkgs.roundcubePlugins.thunderbird_labels
None
- nixos-unstable -
- nixpkgs-unstable 1.6.0
pkgs.thunderbirdPackages.thunderbird-128
Full-featured e-mail client
- nixos-unstable -
- nixpkgs-unstable 128.14.0esr
pkgs.thunderbirdPackages.thunderbird-esr
Full-featured e-mail client
- nixos-unstable -
- nixpkgs-unstable 140.2.1esr
pkgs.thunderbirdPackages.thunderbird-latest
Full-featured e-mail client
- nixos-unstable -
- nixpkgs-unstable 142.0
pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug
Visual Studio Code extension for debugging web applications and browser extensions in Firefox
- nixos-unstable -
- nixpkgs-unstable 2.15.0
Package maintainers
- @pmahoney Patrick Mahoney <pat@polycrystal.org>
- @magnetophon Bart Brouns <bart@magnetophon.nl>
- @jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
- @rhendric Ryan Hendrickson
- @mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
- @ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
- @unode Renato Alves <alves.rjc@gmail.com>
- @schnusch schnusch
- @camillemndn Camille M. <camillemondon@free.fr>
- @pasqui23 pasqui23 <p3dimaria@hotmail.it>
- @honnip Jung seungwoo <me@honnip.page>
- @RatCornu Balthazar Patiachvili <ratcornu+programmation@skaven.org>
- @Shados Alexei Robyn <shados@shados.net>
- @flosse Markus Kohlhase <mail@markus-kohlhase.de>
- @vcunat Vladimír Čunát <v@cunat.cz>
- @lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
- @nbp Nicolas B. Pierron <nixos@nbp.name>
- @felschr Felix Schröter <dev@felschr.com>
- @bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>