xmlrpc-c-c++ (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package xmlrpc-c-c++, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2024-45491 — CVSS 9.8 (critical): An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms…
CVE-2022-25235 — CVSS 9.8 (critical): xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is…
CVE-2021-46143 — CVSS 8.1 (high): In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2023-52425 — CVSS 7.5 (high): libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large…
CVE-2024-8176 — CVSS 7.5 (high): A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When…