{"id":"CLSA-2026-1776441540","summary":"expat: Fix of 4 CVEs","details":"- CVE-2017-9233: fix external entity infinite loop in entityValueInitProcessor\n  and entityValueProcessor\n- CVE-2023-52425: add reparse deferral heuristic to prevent O(n^2) parsing of\n  large tokens in small buffer refills; fix buffer growth calculation\n- CVE-2013-0340: add billion laughs (entity expansion bomb)\n  attack protection with amplification limit (100x max, 8 MiB activation\n  threshold); includes fix for isolated external parser bypass (CVE-2024-28757)\n- CVE-2024-28757: fix isolated external parser bypass of the billion laughs\n  (entity expansion bomb) attack protection; shipped with the CVE-2013-0340\n  change above","modified":"2026-05-27T11:34:24.637984205Z","published":"2026-04-20T08:47:49Z","upstream":["CVE-2013-0340","CVE-2017-9233","CVE-2023-52425","CVE-2024-28757"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/oraclelinux7els/CLSA-2026-1776441540.html"}],"affected":[{"package":{"name":"expat","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/expat?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-15.0.7.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1776441540.json"}},{"package":{"name":"expat-devel","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/expat-devel?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-15.0.7.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1776441540.json"}},{"package":{"name":"expat-static","ecosystem":"TuxCare:OracleLinux:7","purl":"pkg:rpm/tuxcare/expat-static?distro=oraclelinux-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-15.0.7.el7_9.tuxcare.els1"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2026-1776441540.json"}}],"schema_version":"1.7.5"}