CVE-2018-20843

Опубликовано: 24 июн. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
Mailing List
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
Issue Tracking
Third Party Advisory
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Release Notes
Third Party Advisory
https://github.com/libexpat/libexpat/issues/186
Issue Tracking
Patch
Third Party Advisory
https://github.com/libexpat/libexpat/pull/262
Exploit
Patch
Third Party Advisory
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
https://seclists.org/bugtraq/2019/Jun/39
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201911-08
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190703-0001/
Third Party Advisory
https://support.f5.com/csp/article/K51011533
Third Party Advisory
https://usn.ubuntu.com/4040-1/
Third Party Advisory
https://usn.ubuntu.com/4040-2/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4472
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Версия до 2.2.7 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:a:oracle:hospitality_res_3700:*:*:*:*:*:*:*:*

Версия от 5.7 (включая) до 5.7.6 (включая)

cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*

Конфигурация 7

cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

Версия до 8.15.0 (исключая)

EPSS

Процентиль: 90%

0.05817

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2018-20843

CVSS3: 7.5

ubuntu

почти 6 лет назад

CVE-2018-20843

CVSS3: 7.5

redhat

около 6 лет назад

CVE-2018-20843

CVSS3: 7.5

msrc

почти 5 лет назад

Описание отсутствует

CVE-2018-20843

CVSS3: 7.5

debian

почти 6 лет назад

In libexpat in Expat before 2.2.7, XML input including XML names that ...

openSUSE-SU-2019:1777-1

suse-cvrf

почти 6 лет назад

Security update for expat

EPSS

Процентиль: 90%

0.05817

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-611