Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: luajitPackages.luaexpat

Found 1 matching suggestions

Untriaged

Permalink CVE-2024-8176

created 4 months, 3 weeks ago

Libexpat: expat: improper restriction of xml entity expansion depth in libexpat

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Affected products

expat

*

rhcos

firefox

libexpat

<2.7.0

xmlrpc-c

*

lua-expat

mingw-expat

thunderbird

compat-expat1

firefox:flatpak/firefox

discovery/discovery-ui-rhel9

*

thunderbird:flatpak/thunderbird

discovery/discovery-server-rhel9

*

Red Hat JBoss Core Services 2.4.62.SP1

devworkspace/devworkspace-project-clone-rhel9

*

registry.redhat.io/discovery/discovery-ui-rhel9

*

registry.redhat.io/discovery/discovery-server-rhel9

*

registry.redhat.io/devworkspace/devworkspace-project-clone-rhel9

*

Matching in nixpkgs

pkgs.expat

Stream-oriented XML parser library written in C

nixos-unstable -
- nixpkgs-unstable 2.7.1

pkgs.hexpatch

Binary patcher and editor written in Rust with a terminal user interface

nixos-unstable -
- nixpkgs-unstable 1.12.3

pkgs.xmlrpc_c

Lightweight RPC library based on XML and HTTP

nixos-unstable -
- nixpkgs-unstable 1.60.05

pkgs.xulrunner

Web browser built from Firefox source tree

nixos-unstable -
- nixpkgs-unstable 142.0.1

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

nixos-unstable -
- nixpkgs-unstable 2.15.0

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

nixos-unstable -
- nixpkgs-unstable 2.79.3

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

nixos-unstable -
- nixpkgs-unstable 1.1.1

pkgs.firefox-unwrapped

Web browser built from Firefox source tree

nixos-unstable -
- nixpkgs-unstable 142.0.1

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

nixos-unstable -
- nixpkgs-unstable 1.9.0

pkgs.luaPackages.luaexpat

XML Expat parsing

nixos-unstable -
- nixpkgs-unstable 1.4.1-1

pkgs.firefox-esr-unwrapped

Web browser built from Firefox source tree

nixos-unstable -
- nixpkgs-unstable 140.2.0esr

pkgs.firefox-beta-unwrapped

Web browser built from Firefox Beta Release source tree

nixos-unstable -
- nixpkgs-unstable 144.0b1

pkgs.haskellPackages.hexpat

XML parser/formatter based on expat

nixos-unstable -
- nixpkgs-unstable 0.20.13

pkgs.lua51Packages.luaexpat

XML Expat parsing

nixos-unstable -
- nixpkgs-unstable 1.4.1-1

pkgs.lua52Packages.luaexpat

XML Expat parsing

nixos-unstable -
- nixpkgs-unstable 1.4.1-1

pkgs.lua53Packages.luaexpat

XML Expat parsing

nixos-unstable -
- nixpkgs-unstable 1.4.1-1

pkgs.lua54Packages.luaexpat

XML Expat parsing

nixos-unstable -
- nixpkgs-unstable 1.4.1-1

pkgs.luajitPackages.luaexpat

XML Expat parsing

nixos-unstable -
- nixpkgs-unstable 1.4.1-1

pkgs.haskellPackages.hxt-expat

Expat parser for HXT

nixos-unstable -
- nixpkgs-unstable 9.1.1

pkgs.firefox-devedition-unwrapped

Web browser built from Firefox Developer Edition source tree

nixos-unstable -
- nixpkgs-unstable 144.0b1

pkgs.haskellPackages.hexpat-pickle

XML picklers based on hexpat, source-code-similar to those of the HXT package

nixos-unstable -
- nixpkgs-unstable 0.6

pkgs.haskellPackages.hexpat-tagsoup

Parse (possibly malformed) HTML to hexpat tree

nixos-unstable -
- nixpkgs-unstable 0.1

pkgs.gnomeExtensions.firefox-profiles

Easily launch Firefox with your favorite profile right from the indicator menu!

nixos-unstable -
- nixpkgs-unstable 4

pkgs.chickenPackages_5.chickenEggs.expat

An interface to James Clark's Expat XML parser

nixos-unstable -
- nixpkgs-unstable 2.2

pkgs.roundcubePlugins.thunderbird_labels

None

nixos-unstable -
- nixpkgs-unstable 1.6.0

pkgs.thunderbirdPackages.thunderbird-128

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 128.14.0esr

pkgs.thunderbirdPackages.thunderbird-esr

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 140.2.1esr

pkgs.thunderbirdPackages.thunderbird-latest

Full-featured e-mail client

nixos-unstable -
- nixpkgs-unstable 142.0

pkgs.vscode-extensions.firefox-devtools.vscode-firefox-debug

Visual Studio Code extension for debugging web applications and browser extensions in Firefox

nixos-unstable -
- nixpkgs-unstable 2.15.0

Package maintainers

@pmahoney Patrick Mahoney <pat@polycrystal.org>
@magnetophon Bart Brouns <bart@magnetophon.nl>
@jopejoe1 jopejoe1 <nixpkgs@missing.ninja>
@rhendric Ryan Hendrickson
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>
@ambroisie Bruno BELANYI <bruno.nixpkgs@belanyi.fr>
@unode Renato Alves <alves.rjc@gmail.com>
@schnusch schnusch
@camillemndn Camille M. <camillemondon@free.fr>
@pasqui23 pasqui23 <p3dimaria@hotmail.it>
@honnip Jung seungwoo <me@honnip.page>
@RatCornu Balthazar Patiachvili <ratcornu+programmation@skaven.org>
@Shados Alexei Robyn <shados@shados.net>
@flosse Markus Kohlhase <mail@markus-kohlhase.de>
@vcunat Vladimír Čunát <v@cunat.cz>
@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@nbp Nicolas B. Pierron <nixos@nbp.name>
@felschr Felix Schröter <dev@felschr.com>
@bjornfor Bjørn Forsman <bjorn.forsman@gmail.com>

1