6.9
CVE-2026-56132
- EPSS 0.11%
- Veröffentlicht 19.06.2026 03:00:42
- Zuletzt bearbeitet 23.06.2026 20:15:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libexpat Project ≫ Libexpat Version < 2.8.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.014 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.9 | 1.4 | 5.5 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
|
| cve@mitre.org | 6.9 | 1.4 | 5.5 |
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
|
CWE-821 Incorrect Synchronization
The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.
https://github.com/libexpat/libexpat/pull/1272