Описание
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 6 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 6 | xulrunner | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Affected | ||
| Red Hat Enterprise Linux 7 | thunderbird | Affected | ||
| Red Hat Enterprise Linux 7 | xulrunner | Will not fix | ||
| Red Hat Enterprise Linux 8 | firefox | Affected | ||
| Red Hat Enterprise Linux 8 | thunderbird | Affected | ||
| Red Hat Enterprise Linux 9 | firefox | Not affected |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
7.8 High
CVSS3