Library expat has vulnerability CVE-2023-52425
Closed this issue · 1 comments
github-actions commented
https://nvd.nist.gov/vuln/detail/CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Smjert commented
Expat is only used in the dbus protocol, when osquery requests information about systemd units and services; it could be possible to create a systemd service file that causes the issue somehow, but if user service files are not accepted, then one would need to root access, making this more difficult to exploit.
Also systemd/dbus may already sanitize this.
In any case we can update.