Описание
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.
Отчет
The identified flaw in Expat presents a moderate severity issue due to its potential to facilitate resource exhaustion attacks, particularly in scenarios involving parsing large tokens requiring multiple buffer fills. As Expat repeatedly re-parses such tokens from the beginning, it results in disproportionate resource consumption, leading to a denial-of-service (DoS) condition. While the impact is significant, the exploitation requires specific conditions, such as parsing large tokens, which may not always align with typical usage patterns.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 7 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Will not fix | ||
| Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 8 | firefox | Will not fix | ||
| Red Hat Enterprise Linux 8 | firefox:flatpak/firefox | Will not fix | ||
| Red Hat Enterprise Linux 8 | thunderbird | Affected | ||
| Red Hat Enterprise Linux 8 | thunderbird:flatpak/thunderbird | Will not fix | ||
| Red Hat Enterprise Linux 9 | firefox | Will not fix | ||
| Red Hat Enterprise Linux 9 | firefox:flatpak/firefox | Affected |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
libexpat through 2.5.0 allows a denial of service (resource consumptio ...
7.5 High
CVSS3