← voltar
CVE-2026-25210

CVE-2026-25210

CVSS 6.9 MEDIUMEPSS 0.2%CWE-190
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Produtos afetados
libexpat project · libexpat

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert-portal.siemens.com/productcert/html/ssa-253495.htmlhttps://github.com/libexpat/libexpat/pull/1075https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7