CVERadar

CVE-2024-28757

Severity: Medium
Vendor: Fedoraproject
SVRS: 36/100
CVSSv3: 7.5/10
EPSS: 0.00487

CVE-2024-28757 is an XML Entity Expansion ("billion laughs") vulnerability in libexpat 2.6.1 and earlier. It is reachable when an application uses an external entity parser created via XML_ExternalEntityParserCreate in isolation: that code path did not apply the amplification limit that protects a normal parse, so a crafted document with nested entity declarations can expand to a size many orders of magnitude larger than the input. The impact is denial of service through CPU and memory exhaustion; the CVSS vector (C:N/I:N/A:H) records no confidentiality or integrity impact, and this is not an XML External Entity (XXE) file-disclosure issue. The CVSS base score is 7.5, while the SOCRadar Vulnerability Risk Score (SVRS) of 36 places it well below the vulnerabilities scored above 80 in immediate risk; the lower SVRS reflects SOCRadar's threat-intelligence signals, not the ease of the attack, which needs only an unauthenticated network request to any service that parses untrusted XML with an affected library. Because libexpat is embedded in many applications and language runtimes, each bundled copy needs updating to 2.6.2 or later, or the mitigations below need applying.

Tags: In The Wild, Mailing-list, Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: 2024-03-10
Last updated: 2025-03-28
SOCRadar AI Insight

Description

CVE-2024-28757 is an XML Entity Expansion vulnerability in libexpat versions up to and including 2.6.1. Expat's protection against "billion laughs" expansion (an amplification limit on entity replacement text, present since 2.4.0) was not enforced when an external entity parser created with XML_ExternalEntityParserCreate was used in isolation, that is, fed data directly by the application rather than as a nested parse driven from a root parser. An attacker who can get such an application to parse a crafted XML document with nested entity declarations can make it consume CPU and memory far out of proportion to the input size, leading to a denial of service (DoS). The fix in libexpat 2.6.2 (issue 839, pull request 842) applies the limit to isolated external parsers as well.

Key Insights

  • The SVRS of 36 indicates moderate severity; the CVSSv3 base score is 7.5 (network-reachable, no privileges or user interaction required, availability impact only).
  • The page tags this CVE "In The Wild", but it lists no public exploit and no indicators of compromise, and the EPSS of 0.00487 estimates a low probability of exploitation; weigh it as a denial-of-service risk for any Internet-facing service that parses untrusted XML with an affected libexpat.
  • The fix shipped in Expat 2.6.2 (announced on oss-security on 2024-03-15); Fedora has released updates and NetApp has published an advisory for its affected products, so bundled copies of the library need updating, not only the system package.

Mitigation Strategies

  • Update libexpat to version 2.6.2 or later, and rebuild or update every application and language runtime that bundles its own copy of the library; the fix is in libexpat itself, not in calling code.
  • Where the XML arrives over HTTP, a web application firewall (WAF) can drop requests whose body carries a DOCTYPE or ENTITY declaration on endpoints that never need a DTD; this does not cover XML ingested through other channels.
  • Reject or disable DTD processing for untrusted input. Where DTDs are required, enforce an amplification limit on entity expansion (Expat provides XML_SetBillionLaughsAttackProtectionMaximumAmplification since 2.4.0), and on an affected version do not feed untrusted data directly to a parser created with XML_ExternalEntityParserCreate, since that is the code path that lacked the limit.
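As an added example, not code from the CVE Radar page or from the libexpat project, the following Python uses the standard-library pyexpat binding (Python's bundled copy of Expat) to do two things a practitioner would want here: check whether the linked Expat version predates the 2.6.2 fix, and apply the application-side mitigations described above, an amplification budget on expanded text and an optional outright ban on DTDs. The "billion laughs" document is constructed for the demonstration; the function names and the default 10x budget are this example's own choices, not an Expat API.

```python
"""Added example: application-side guard against XML entity expansion with
Python's standard-library pyexpat binding (it links Python's bundled Expat).
Not code from the CVE Radar page or the libexpat project; function names and
the default budget are this example's own choices."""
import xml.parsers.expat as expat

FIXED_VERSION = (2, 6, 2)  # Expat release that fixes CVE-2024-28757


def expat_is_affected(version_info=None):
    """True when the linked Expat (or the given (major, minor, micro) tuple)
    is 2.6.1 or earlier, i.e. inside the affected range."""
    if version_info is None:
        version_info = expat.version_info
    return tuple(version_info) < FIXED_VERSION


class ExpansionGuardError(Exception):
    """Raised when the document violates the DTD policy or expansion budget."""


def parse_with_budget(data, max_amplification=10.0, allow_dtd=True):
    """Parse `data` (bytes) and return the number of characters of text content
    the parser delivered.  Parsing is aborted once delivered characters exceed
    max_amplification * len(data); None disables the budget.  With
    allow_dtd=False any DOCTYPE is rejected before entities are declared,
    which is the simplest policy for untrusted input."""
    parser = expat.ParserCreate()
    budget = None if max_amplification is None else int(len(data) * max_amplification)
    delivered = 0

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if not allow_dtd:
            raise ExpansionGuardError(f"DTD for <{name}> rejected: untrusted input")

    def on_chars(text):
        nonlocal delivered
        delivered += len(text)
        if budget is not None and delivered > budget:
            # Entity replacement text arrives through this handler, so the
            # ratio delivered/len(data) is the amplification factor.
            raise ExpansionGuardError(
                f"expansion budget exceeded: {delivered} chars from {len(data)} bytes")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.CharacterDataHandler = on_chars
    # An exception raised in a handler stops the parser and propagates here.
    parser.Parse(data, True)
    return delivered


def guard_blocks(data, **policy):
    """True if parse_with_budget rejects `data` under the given policy."""
    try:
        parse_with_budget(data, **policy)
    except ExpansionGuardError:
        return True
    return False


def billion_laughs(depth, fanout=10):
    """Constructed 'billion laughs' document: lol0 is "lol" and each lolN is
    `fanout` references to lolN-1, so &lolDEPTH; expands to 3 * fanout**depth
    characters from a document of a few hundred bytes."""
    decls = ['<!ENTITY lol0 "lol">']
    for level in range(1, depth + 1):
        refs = f"&lol{level - 1};" * fanout
        decls.append(f'<!ENTITY lol{level} "{refs}">')
    doc = (
        '<?xml version="1.0"?>\n<!DOCTYPE root [\n'
        + "\n".join(decls)
        + f"\n]>\n<root>&lol{depth};</root>"
    )
    return doc.encode()


if __name__ == "__main__":
    payload = billion_laughs(5)  # under 500 bytes in, 300,000 characters out
    print("linked Expat", expat.EXPAT_VERSION, "affected:", expat_is_affected())
    print("unguarded parse delivered", parse_with_budget(payload, None), "chars")
    print("10x budget blocks it:", guard_blocks(payload, max_amplification=10.0))
    print("DTD ban blocks it:", guard_blocks(payload, max_amplification=None, allow_dtd=False))
    print("plain document still parses:", parse_with_budget(b"<a>hi</a>", 10.0, allow_dtd=False))
```

The depth-5 payload stays far below Expat's own 8 MiB activation threshold for its built-in amplification check, so the unguarded parse succeeds on every Expat version and shows the roughly 600x expansion the guard is there to stop; the same two handlers can be installed on a parser returned by ExternalEntityParserCreate, which is the object that lacked the built-in limit before 2.6.2.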

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-28757 | libexpat up to 2.6.1 XML_ExternalEntityParserCreate xml external entity reference (Issue 839 / Nessus ID 211212)
vuldb.com, 2025-02-26
A vulnerability was found in libexpat up to 2.6.1. It has been rated as problematic. This issue affects the function XML_ExternalEntityParserCreate. The manipulation leads to xml external entity reference. The identification of this vulnerability is CVE-2024-28757. The attack needs to be approached within

Daily summary - 16.05.2024
CERT.at, 2024-05-17
End-of-Day report. Timeframe: Wednesday 15-05-2024 18:00 - Thursday 16-05-2024 18:00. Handler: Michael Schlagenhaufer. Co-Handler: Thomas Pribitzer. News: To the Moon and back(doors): Lunar landing in diplomatic missions. ESET researchers provide technical analysis of the Lunar toolset, likely used by the Turla APT group, that infiltrated a European ministry of foreign affairs.
Related CVEs: CVE-2024-28757, CVE-2024-34359, CVE-2024-28863, CVE-2024-3400

Social Media

No tweets found for this CVE

Affected Software

Type  Vendor         Product

Configuration 2
OS    Fedoraproject  fedora

Configuration 3
App   Netapp         active_iq_unified_manager
App   Netapp         oncommand_workflow_automation
App   Netapp         ontap
App   Netapp         ontap_tools
App   Netapp         windows_host_utilities

Configuration 4
OS    Netapp         h300s_firmware

Configuration 5
OS    Netapp         h500s_firmware

Configuration 6
OS    Netapp         h700s_firmware

Configuration 7
OS    Netapp         h410s_firmware

Configuration 8
OS    Netapp         h410c_firmware

Configuration 9
OS    Netapp         h610c_firmware

Configuration 10
OS    Netapp         h610s_firmware

References

libexpat issue 839: https://github.com/libexpat/libexpat/issues/839
libexpat pull request 842 (fix): https://github.com/libexpat/libexpat/pull/842
[oss-security] 20240315 Expat 2.6.2 released, includes security fixes: http://www.openwall.com/lists/oss-security/2024/03/15/1
FEDORA-2024-4E6E660FAE: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/
FEDORA-2024-40B98C9CED: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/
FEDORA-2024-AFB73E6F62: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/
NetApp advisory NTAP-20240322-0001: https://security.netapp.com/advisory/ntap-20240322-0001/

CWE Details

CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
