INFSA-2024:4259: xmlrpc-c security and bug fix update
Information about definition
Identificator: INFSA-2024:4259
Type: security
Release date: 2024-08-23 19:03:05 UTC
Information about package
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Vulnerabilities description
- CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-52425
|
no information | 7.5 | no information |
Updated packages