ALT-PU-2020-3273-1
Closed vulnerabilities
Published: 2018-01-10
BDU:2019-03327
Уязвимость функции libexpat библиотеки языка C для выполнения грамматического разбора XML Expat, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-08-28
BDU:2019-03643
Уязвимость библиотеки для анализа XML-файлов libexpat, связанная с неверным ограничением xml-ссылок на внешние объекты, позволяющая нарушителю вызвать отказ в обслуживании
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2019-06-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:1777
- openSUSE-SU-2019:1777
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
- https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
- https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
- https://github.com/libexpat/libexpat/issues/186
- https://github.com/libexpat/libexpat/issues/186
- https://github.com/libexpat/libexpat/pull/262
- https://github.com/libexpat/libexpat/pull/262
- https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
- https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
- [debian-lts-announce] 20190629 [SECURITY] [DLA 1839-1] expat security update
- [debian-lts-announce] 20190629 [SECURITY] [DLA 1839-1] expat security update
- FEDORA-2019-18868e1715
- FEDORA-2019-18868e1715
- FEDORA-2019-139fcda84d
- FEDORA-2019-139fcda84d
- 20190628 [SECURITY] [DSA 4472-1] expat security update
- 20190628 [SECURITY] [DSA 4472-1] expat security update
- GLSA-201911-08
- GLSA-201911-08
- https://security.netapp.com/advisory/ntap-20190703-0001/
- https://security.netapp.com/advisory/ntap-20190703-0001/
- https://support.f5.com/csp/article/K51011533
- https://support.f5.com/csp/article/K51011533
- USN-4040-1
- USN-4040-1
- USN-4040-2
- USN-4040-2
- DSA-4472
- DSA-4472
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://www.tenable.com/security/tns-2021-11
- https://www.tenable.com/security/tns-2021-11
Published: 2019-09-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
- openSUSE-SU-2019:2204
- openSUSE-SU-2019:2204
- openSUSE-SU-2019:2205
- openSUSE-SU-2019:2205
- openSUSE-SU-2019:2420
- openSUSE-SU-2019:2420
- openSUSE-SU-2019:2424
- openSUSE-SU-2019:2424
- openSUSE-SU-2019:2425
- openSUSE-SU-2019:2425
- openSUSE-SU-2019:2447
- openSUSE-SU-2019:2447
- openSUSE-SU-2019:2451
- openSUSE-SU-2019:2451
- openSUSE-SU-2019:2459
- openSUSE-SU-2019:2459
- openSUSE-SU-2019:2452
- openSUSE-SU-2019:2452
- openSUSE-SU-2019:2464
- openSUSE-SU-2019:2464
- openSUSE-SU-2020:0010
- openSUSE-SU-2020:0010
- openSUSE-SU-2020:0086
- openSUSE-SU-2020:0086
- http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
- http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
- http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
- http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
- http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
- http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
- 20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
- 20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
- 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- 20191213 APPLE-SA-2019-12-10-5 tvOS 13.3
- 20191213 APPLE-SA-2019-12-10-5 tvOS 13.3
- 20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1
- 20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1
- RHSA-2019:3210
- RHSA-2019:3210
- RHSA-2019:3237
- RHSA-2019:3237
- RHSA-2019:3756
- RHSA-2019:3756
- https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
- https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
- https://github.com/libexpat/libexpat/issues/317
- https://github.com/libexpat/libexpat/issues/317
- https://github.com/libexpat/libexpat/issues/342
- https://github.com/libexpat/libexpat/issues/342
- https://github.com/libexpat/libexpat/pull/318
- https://github.com/libexpat/libexpat/pull/318
- [debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update
- [debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update
- [debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update
- [debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update
- FEDORA-2019-9505c6b555
- FEDORA-2019-9505c6b555
- FEDORA-2019-613edfe68b
- FEDORA-2019-613edfe68b
- FEDORA-2019-672ae0f060
- FEDORA-2019-672ae0f060
- 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1
- 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1
- 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3
- 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3
- 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
- 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update
- 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update
- 20191118 [SECURITY] [DSA 4571-1] thunderbird security update
- 20191118 [SECURITY] [DSA 4571-1] thunderbird security update
- 20191021 [slackware-security] python (SSA:2019-293-01)
- 20191021 [slackware-security] python (SSA:2019-293-01)
- 20190917 [slackware-security] expat (SSA:2019-259-01)
- 20190917 [slackware-security] expat (SSA:2019-259-01)
- 20190923 [SECURITY] [DSA 4530-1] expat security update
- 20190923 [SECURITY] [DSA 4530-1] expat security update
- GLSA-201911-08
- GLSA-201911-08
- https://security.netapp.com/advisory/ntap-20190926-0004/
- https://security.netapp.com/advisory/ntap-20190926-0004/
- https://support.apple.com/kb/HT210785
- https://support.apple.com/kb/HT210785
- https://support.apple.com/kb/HT210788
- https://support.apple.com/kb/HT210788
- https://support.apple.com/kb/HT210789
- https://support.apple.com/kb/HT210789
- https://support.apple.com/kb/HT210790
- https://support.apple.com/kb/HT210790
- https://support.apple.com/kb/HT210793
- https://support.apple.com/kb/HT210793
- https://support.apple.com/kb/HT210794
- https://support.apple.com/kb/HT210794
- https://support.apple.com/kb/HT210795
- https://support.apple.com/kb/HT210795
- USN-4132-1
- USN-4132-1
- USN-4132-2
- USN-4132-2
- USN-4165-1
- USN-4165-1
- USN-4202-1
- USN-4202-1
- USN-4335-1
- USN-4335-1
- DSA-4530
- DSA-4530
- DSA-4549
- DSA-4549
- DSA-4571
- DSA-4571
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.tenable.com/security/tns-2021-11
- https://www.tenable.com/security/tns-2021-11