{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-32778", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-16T07:02:33.921Z", "datePublished": "2026-03-16T07:02:34.410Z", "dateUpdated": "2026-03-17T14:39:21.950Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libexpat", "vendor": "libexpat project", "versions": [{"lessThan": "2.7.5", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T07:13:44.917Z"}, "references": [{"url": "https://github.com/libexpat/libexpat/pull/1159"}, {"url": "https://github.com/libexpat/libexpat/pull/1163"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T14:38:41.545343Z", "id": "CVE-2026-32778", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T14:39:21.950Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32778", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T14:38:41.545343Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T14:39:17.823Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "libexpat project", "product": "libexpat", "versions": [{"status": "affected", "version": "0", "lessThan": "2.7.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/libexpat/libexpat/pull/1159"}, {"url": "https://github.com/libexpat/libexpat/pull/1163"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-16T07:13:44.917Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32778", "state": "PUBLISHED", "dateUpdated": "2026-03-17T14:39:21.950Z", "dateReserved": "2026-03-16T07:02:33.921Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-16T07:02:34.410Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE95FCA4-11DD-4E66-8259-4884F323D57B", "versionEndExcluding": "2.7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition."}], "id": "CVE-2026-32778", "lastModified": "2026-03-17T15:52:53.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T14:19:44.970", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libexpat/libexpat/pull/1159"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libexpat/libexpat/pull/1163"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", "id": "2447885", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447885"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["A flaw was found in libexpat. This vulnerability allows an attacker to trigger a NULL pointer dereference in the `setContext` function. This occurs when the system attempts to retry an operation after an out-of-memory condition, which can lead to a Denial of Service (DoS) for the affected application."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-32778", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-16T07:02:34Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32778\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32778\nhttps://github.com/libexpat/libexpat/pull/1159\nhttps://github.com/libexpat/libexpat/pull/1163"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.7.5)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "libexpat", "source": "cna", "vendor": "libexpat project"}, "product": "libexpat", "vendor": "libexpat_project"}], "analysis": {"en": {"generated_at": "2026-03-17T17:29:31.334793+00:00", "value": {"mitigation_remediation": ["Apply the latest libexpat release (2.7.5 or newer) via your package manager or rebuild from source.", "Verify that the update is active in all affected applications.", "Monitor logs for signs of out\u2011of\u2011memory incidents or unexpected process crashes and limit XML input size if a patch cannot be applied immediately."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The libexpat library from the libexpat project, in any application that links to it, is affected. All versions before 2.7.5 are vulnerable. This includes typical Linux distributions, embedded systems, and any third\u2011party software that bundles an older libexpat.", "description_and_impact": "The vulnerability exists in libexpat versions prior to 2.7.5. A NULL pointer dereference is triggered in the setContext function when retrying after an earlier out\u2011of\u2011memory condition. This leads to a crash of the process that uses the library, resulting in a denial of service. The weakness is a Null Pointer Dereference, CWE\u2011476.", "risk_and_exploitability": "The CVSS score of 2.9 indicates low severity, and the EPSS score is below 1\u202f%, meaning the likelihood of exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local: an attacker or privileged user can supply a large XML document to trigger an out\u2011of\u2011memory condition and then cause the library to crash, leading to service interruption. Because it is a denial of service, it does not compromise confidentiality or integrity."}}}}, "created": "2026-03-17T09:53:11.763138+00:00", "updated": "2026-03-24T10:45:37.383042+00:00", "vendors": ["libexpat_project", "libexpat_project$PRODUCT$libexpat"]}