Stack Exhaustion Vulnerability in Expat (libexpat) before 2.4.5 via Large Nesting Depth in DTD Element
CVE-2022-25313 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Learn more about our Web Application Penetration Testing UK.