- Description
- libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- libexpat
CVSS 3.1
- Type
- Secondary
- Base score
- 2.9
- Impact score
- 1.4
- Exploitability score
- 1.4
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- LOW
- cve@mitre.org
- CWE-331
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8645A458-70D0-4DA9-BB49-EED4D13CFD0A",
"versionEndExcluding": "2.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]