Description
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
A flaw was found in Expat (libexpat). If XML_DTD is undefined at compile time, a recursive XML Entity Expansion condition can be triggered. This issue may lead to a condition where data is expanded exponentially, which will quickly consume system resources and cause a denial of service.
Mitigation
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | expat | Out of support scope | | |
Red Hat Enterprise Linux 7 | expat | Out of support scope | | |
Red Hat Enterprise Linux 7 | firefox | Out of support scope | | |
Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | | |
Red Hat Enterprise Linux 8 | expat | Not affected | | |
Red Hat Enterprise Linux 8 | firefox | Not affected | | |
Red Hat Enterprise Linux 8 | firefox:flatpak/firefox | Will not fix | | |
Red Hat Enterprise Linux 8 | thunderbird | Not affected | | |
Red Hat Enterprise Linux 8 | thunderbird:flatpak/thunderbird | Will not fix | | |
Red Hat Enterprise Linux 8 | xmlrpc-c | Will not fix | | |
Additional information
CVSS3: 5.5 Medium