Expat: Denial of Service — GLSA 202210-38

A vulnerability has been found in Expat which could result in denial of service.

Affected packages

dev-libs/expat on all architectures
Affected versions < 2.5.0
Unaffected versions >= 2.5.0

Background

Expat is a set of XML parsing libraries.

Description

In certain out-of-memory situations, Expat may free memory before it should, leading to a use-after-free.

Impact

A use-after-free can result in denial of service.

Workaround

There is no known workaround at this time.

Resolution

All Expat users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.5.0"
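
Added example, not part of the GLSA or of Gentoo's own tooling: a shell check that tests a version string against the advisory's < 2.5.0 range and, after the upgrade, flags processes that still map the replaced libexpat (a running process keeps the old library until it is restarted). The function names, the `--scan` switch and the `libexpat.so` file-name pattern are assumptions of this example; `portageq` is used only when it is installed.

```shell
#!/bin/sh
# Added example; the 2.5.0 threshold is the one stated in the advisory.

# Exit 0 if VERSION is in the affected range (< 2.5.0), 1 if it is not,
# 2 if the string cannot be parsed as a dotted numeric version.
expat_is_affected() {
    ver=${1#dev-libs/expat-}      # accept a full package-version string
    ver=${ver%%-r[0-9]*}          # drop a Gentoo revision suffix such as -r1
    case $ver in
        ''|*[!0-9.]*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                   # split on dots: $1 = major, $2 = minor
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -lt 5 ]; }
}

# Exit 0 if a /proc/PID/maps-style file shows a libexpat mapping whose
# backing file was replaced on disk (the kernel marks it "(deleted)").
maps_has_stale_expat() {
    grep -q 'libexpat\.so.*(deleted)' "$1" 2>/dev/null
}

# Live check, run only when the script is called with --scan.
if [ "${1:-}" = "--scan" ]; then
    if command -v portageq >/dev/null 2>&1; then
        installed=$(portageq best_version / dev-libs/expat) || installed=
        if expat_is_affected "$installed"; then
            echo "AFFECTED: $installed is older than 2.5.0"
        else
            echo "not affected, or not installed: ${installed:-none}"
        fi
    fi
    for maps in /proc/[0-9]*/maps; do
        if maps_has_stale_expat "$maps"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            echo "restart needed: pid $pid still maps the old libexpat"
        fi
    done
fi
```

Run it as root with `--scan` so that the maps of other users' processes are readable.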
 

References

Release date
October 31, 2022

Latest revision
October 31, 2022: 1

Severity
low

Exploitable
remote

Bugzilla entries