Stack Exhaustion Vulnerability in Expat (libexpat) before 2.4.5 via Large Nesting Depth in DTD Element

Stack Exhaustion Vulnerability in Expat (libexpat) before 2.4.5 via Large Nesting Depth in DTD Element

CVE-2022-25313 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Learn more about our Web Application Penetration Testing UK.