MNBSD-2025-2: stack overflow in expat

Severity: Unknown

Affected Package: expat

Summary: stack overflow in expat

Description

Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities general entities in character data ("&g1;") general entities in attribute values ("") parameter entities ("%p1;")

Affected Versions

expat

Specific versions:

Recommendations

Use expat from mports on older releases as a workaround. 4.0-current has been updated to expat 2.7.1

References

Additional Information

Aliases: CVE-2024-8176

Published: April 02, 2025
Last Modified: April 02, 2025