{"id":"USN-6694-1","summary":"expat vulnerabilities","details":"It was discovered that Expat could be made to consume large amounts of\nresources. If a user or automated system were tricked into processing\nspecially crafted input, an attacker could possibly use this issue to cause\na denial of service. (CVE-2023-52425, CVE-2024-28757)\n","modified":"2026-04-27T17:08:00.988768Z","published":"2024-03-14T10:19:40Z","related":["UBUNTU-CVE-2023-52425","UBUNTU-CVE-2024-28757"],"upstream":["CVE-2023-52425","CVE-2024-28757","UBUNTU-CVE-2023-52425","UBUNTU-CVE-2024-28757"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6694-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-52425"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-28757"}],"affected":[{"package":{"name":"expat","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/expat@2.4.7-1ubuntu0.3?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.7-1ubuntu0.3"}]}],"versions":["2.4.1-2","2.4.1-3","2.4.2-1","2.4.3-1","2.4.3-2","2.4.4-1","2.4.6-1","2.4.7-1","2.4.7-1ubuntu0.1","2.4.7-1ubuntu0.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"2.4.7-1ubuntu0.3","binary_name":"expat"},{"binary_version":"2.4.7-1ubuntu0.3","binary_name":"libexpat1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6694-1.json","cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"id":"CVE-2023-52425","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2024-28757","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}