|
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack
exhaustion in build_model via a large nesting depth in the DTD element.
Backport patch from:
https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab
Also add patch which fixes a regression introduced in the above fix:
https://github.com/libexpat/libexpat/pull/566
CVE: CVE-2022-25313
(From OE-Core rev: 8105700b1d6d23c87332f453bdc7379999bb4b03)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|