ГлавнаяУязвимости → CVE-2024-28757
7.5высокая

CVE-2024-28757

→ есть в БДУ: BDU:2024-01976 (на русском)
Описание (на английском; русское — в БДУ выше)

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

Затрагиваемое ПО
Libexpat project LibexpatFedoraproject FedoraNetapp Active iq unified managerNetapp Oncommand workflow automationNetapp OntapNetapp Ontap toolsNetapp Windows host utilitiesNetapp H300s firmwareNetapp H300sNetapp H500s firmwareNetapp H500sNetapp H700s firmwareNetapp H700sNetapp H410s firmwareNetapp H410sNetapp H410c firmwareNetapp H410cNetapp H610c firmwareNetapp H610cNetapp H610s firmwareNetapp H610s
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
http://www.openwall.com/lists/oss-security/2024/03/15/1https://github.com/libexpat/libexpat/issues/839https://github.com/libexpat/libexpat/pull/842https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/https://security.netapp.com/advisory/ntap-20240322-0001/http://www.openwall.com/lists/oss-security/2024/03/15/1