CVE-2019-15903

Опубликовано: 04 сент. 2019

Источник: nvd

CVSS3: 7.5

CVSS3: 6.5

CVSS2: 5

EPSS Низкий

Описание

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Dec/23
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/26
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/27
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/30
Mailing List
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3210
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Версия до 2.2.8 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Версия от 2.7.0 (включая) до 2.7.17 (исключая)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Версия от 3.5.0 (включая) до 3.5.8 (исключая)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Версия от 3.6.0 (включая) до 3.6.10 (исключая)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Версия от 3.7.0 (включая) до 3.7.5 (исключая)

EPSS

Процентиль: 42%

0.00199

Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2019-15903

CVSS3: 7.5

ubuntu

почти 6 лет назад

CVE-2019-15903

CVSS3: 7.5

redhat

почти 6 лет назад

CVE-2019-15903

CVSS3: 7.5

debian

почти 6 лет назад

In libexpat before 2.2.8, crafted XML input could fool the parser into ...

openSUSE-SU-2019:2205-1

suse-cvrf

больше 5 лет назад

Security update for expat

openSUSE-SU-2019:2204-1

suse-cvrf

больше 5 лет назад

Security update for expat

EPSS

Процентиль: 42%

0.00199

Низкий

7.5 High

CVSS3

6.5 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125