{"id":"CLSA-2026-1776440644","summary":"expat: Fix of 4 CVEs","details":"- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor\n  and entityValueProcessor\n- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of\n  large tokens in small buffer refills; fix buffer growth calculation\n- CVE-2013-0340: add billion laughs (entity expansion bomb)\n  attack protection with amplification limit (100x max, 8 MiB activation\n  threshold); includes fix for isolated external parser bypass (CVE-2024-28757)\n- CVE-2024-28757: fix bypass of the billion laughs (entity expansion bomb)\n  attack protection (amplification limit of 100x max, 8 MiB activation\n  threshold) via isolated external parsers; delivered as part of the\n  CVE-2013-0340 change above","modified":"2026-05-27T11:33:08.126177498Z","published":"2026-04-21T17:07:46Z","upstream":["CVE-2013-0340","CVE-2017-9233","CVE-2023-52425","CVE-2024-28757"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos7els/CLSA-2026-1776440644.html"}],"affected":[{"package":{"name":"expat","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/expat?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-15.0.7.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1776440644.json"}},{"package":{"name":"expat-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/expat-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-15.0.7.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1776440644.json"}},{"package":{"name":"expat-static","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/expat-static?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-15.0.7.el7_9.tuxcare.els1"}]}],"database_specific":
{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1776440644.json"}}],"schema_version":"1.7.5"}