Description
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
A null pointer dereference flaw has been discovered in libexpat. The function XML_ExternalEntityParserCreate failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference from external entities that declare use of an unknown encoding. The expected impact is denial of service. An application is vulnerable only if it uses both XML_ExternalEntityParserCreate and XML_SetUnknownEncodingHandler.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | expat | Fix deferred | ||
| Red Hat Enterprise Linux 6 | compat-expat1 | Fix deferred | ||
| Red Hat Enterprise Linux 6 | expat | Fix deferred | ||
| Red Hat Enterprise Linux 7 | expat | Fix deferred | ||
| Red Hat Enterprise Linux 8 | expat | Fix deferred | ||
| Red Hat Enterprise Linux 8 | mingw-expat | Fix deferred | ||
| Red Hat Enterprise Linux 9 | expat | Fix deferred | ||
Additional information
Status:
EPSS
2.9 Low
CVSS3
Related vulnerabilities
A vulnerability in the libexpat XML parsing library, related to a null pointer dereference, that allows an attacker to cause a denial of service