libexpat Denial-of-Service Vulnerability Due to Attribute Name Collision Checks

Vulnerability

A denial-of-service vulnerability has been identified in libexpat versions prior to 2.8.1. The issue arises from the computational complexity involved in checking for collisions in attribute names, which can be exploited using moderately sized crafted XML input.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Remediation

Users can upgrade to libexpat version 2.8.1 or later to address this vulnerability.
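One way to check an inventory of libexpat copies against the fixed release named above, as an added example that is not from the advisory or the libexpat project. The component names and version strings in the sample are constructed, and the comparison looks only at the upstream version number, so a distribution package carrying a backported fix still needs manual review.

```python
import re
from xml.parsers import expat

# First fixed release according to the advisory text above.
FIXED = (2, 8, 1)
_VER = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, micro) from e.g. 'expat_2.6.2' or '2.7.1-2', else None."""
    m = _VER.search(text or "")
    return tuple(map(int, m.groups())) if m else None


def classify(text, fixed=FIXED):
    """Map one version string to 'affected', 'fixed' or 'unknown'."""
    ver = parse_version(text)
    if ver is None:
        return "unknown"  # never treat an unreadable version as safe
    # Tuple comparison is numeric, so 2.10.0 sorts after 2.8.1.
    return "affected" if ver < fixed else "fixed"


def audit(inventory):
    """Classify every component in a {name: version string} inventory."""
    return {name: classify(ver) for name, ver in inventory.items()}


def running_interpreter():
    """Classify the Expat copy this Python interpreter was built against."""
    return classify(expat.EXPAT_VERSION)


if __name__ == "__main__":
    # Constructed sample inventory; names and versions are illustrative only.
    sample = {
        "system libexpat": "2.6.2-1",
        "vendored copy in app A": "expat_2.8.1",
        "container image B": "2.10.0",
        "appliance C": "unknown build",
    }
    for name, status in audit(sample).items():
        print(f"{name}: {status}")
    print(f"this interpreter ({expat.EXPAT_VERSION}): {running_interpreter()}")
```

The interpreter check matters because Python can be built with its own bundled copy of Expat, which a system package upgrade does not replace.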

Added: May 10, 2026, 7:18 AM
Updated: May 10, 2026, 7:18 AM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 4.7
remediation: 7.7
relevance: 7.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.