Description
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Mitigation
Do not parse untrusted arbitrary XML data using the expat package.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | expat | Will not fix | | |
Red Hat Enterprise Linux 5 | firefox | Will not fix | | |
Red Hat Enterprise Linux 5 | thunderbird | Will not fix | | |
Red Hat Enterprise Linux 5 | xmlrpc-c | Will not fix | | |
Red Hat Enterprise Linux 5 | xulrunner | Will not fix | | |
Red Hat Enterprise Linux 6 | compat-expat1 | Will not fix | | |
Red Hat Enterprise Linux 6 | firefox | Will not fix | | |
Red Hat Enterprise Linux 6 | thunderbird | Will not fix | | |
Red Hat Enterprise Linux 6 | xulrunner | Will not fix | | |
Red Hat Enterprise Linux 7 | expat | Will not fix | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
Vulnerability in the entityValueInitProcessor function of the libexpat XML parsing library that allows an attacker to cause a denial of service