CVE-2017-9233

Опубликовано: 25 июл. 2017

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Релиз	Статус	Примечание
artful	not-affected	code-not-compiled
bionic	not-affected	code-not-compiled
cosmic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	not-affected	code-not-compiled
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
artful	not-affected	code-not-compiled
bionic	not-affected	code-not-compiled
cosmic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	not-affected	code-not-compiled
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
artful	not-affected	uses system expat
bionic	not-affected	uses system expat
cosmic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
esm-infra/focal	DNE
focal	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
esm-infra/focal	DNE
focal	DNE

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	code not present
cosmic	ignored	end of life
devel	not-affected	code not present
disco	not-affected	code not present
eoan	not-affected	code not present
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/noble	not-affected	code not present

Показывать по

Релиз	Статус	Примечание
artful	not-affected	code-not-compiled
bionic	not-affected	code-not-compiled
cosmic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [code-not-compiled]]
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needs-triage
cosmic	ignored	end of life
devel	not-affected	4.0.0~CMake~6f54f1602475+ds1-2
disco	released	4.0.0~CMake~6f54f1602475+ds1-2
eoan	not-affected	4.0.0~CMake~6f54f1602475+ds1-2
esm-apps/bionic	needs-triage
esm-apps/focal	not-affected	4.0.0~CMake~6f54f1602475+ds1-2
esm-apps/jammy	not-affected	4.0.0~CMake~6f54f1602475+ds1-2
esm-apps/noble	not-affected	4.0.0~CMake~6f54f1602475+ds1-2

Показывать по

Релиз	Статус	Примечание
artful	not-affected	2.2.1-2
bionic	not-affected	2.2.1-2
cosmic	not-affected	2.2.1-2
devel	not-affected	2.2.1-2
disco	not-affected	2.2.1-2
eoan	not-affected	2.2.1-2
esm-infra-legacy/trusty	not-affected	2.1.0-4ubuntu1.4
esm-infra/bionic	not-affected	2.2.1-2
esm-infra/focal	not-affected	2.2.1-2
esm-infra/xenial	not-affected	2.1.0-7ubuntu0.16.04.3

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	67.0.4+build1-0ubuntu0.18.04.1
cosmic	not-affected	67.0.4+build1-0ubuntu0.18.10.1
devel	not-affected	67.0.4+build1-0ubuntu1
disco	not-affected	67.0.4+build1-0ubuntu0.19.04.1
eoan	not-affected	67.0.4+build1-0ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
esm-infra/focal	DNE
focal	not-affected	67.0.4+build1-0ubuntu1
groovy	not-affected	67.0.4+build1-0ubuntu1

Показывать по

Релиз	Статус	Примечание
artful	not-affected	uses system expat
bionic	not-affected	uses system expat
cosmic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	not-affected	code-not-compiled
bionic	not-affected	code-not-compiled
cosmic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [code-not-compiled]]
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
esm-infra/focal	DNE
focal	DNE

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	uses system expat
cosmic	not-affected	uses system expat
devel	DNE
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/xenial	needed

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code not present
devel	not-affected	code not present
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/noble	not-affected	code not present
esm-apps/xenial	not-affected	code not present
focal	not-affected	code not present
hirsute	ignored	end of life
impish	not-affected	code not present

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needs-triage
cosmic	ignored	end of life
devel	ignored
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	ignored
esm-apps/focal	ignored
esm-apps/jammy	ignored
esm-apps/noble	ignored

Показывать по

Релиз	Статус	Примечание
artful	not-affected	uses system expat
bionic	not-affected	uses system expat
cosmic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	not-affected	uses system expat
bionic	not-affected	uses system expat
cosmic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	uses system expat
cosmic	ignored	end of life
devel	needs-triage
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/xenial	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	not-affected	code-not-compiled
bionic	not-affected	code-not-compiled
cosmic	not-affected	code-not-compiled
devel	DNE
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-apps/bionic	not-affected	code-not-compiled
esm-apps/xenial	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [code-not-compiled]]
esm-infra/focal	DNE

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needs-triage
cosmic	ignored	end of life
devel	needs-triage
disco	ignored	end of life
eoan	ignored	end of life
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	uses system expat
cosmic	ignored	end of life
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	not-affected	code-not-compiled
bionic	not-affected	code-not-compiled
cosmic	not-affected	code-not-compiled
devel	not-affected	code-not-compiled
disco	not-affected	code-not-compiled
eoan	not-affected	code-not-compiled
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored [code-not-compiled]]
esm-infra/bionic	not-affected	code-not-compiled
esm-infra/focal	not-affected	code-not-compiled
esm-infra/xenial	not-affected	code-not-compiled

Показывать по

Релиз	Статус	Примечание
artful	ignored
bionic	not-affected	60.7.1+build1-0ubuntu0.18.04.1
cosmic	not-affected	60.7.1+build1-0ubuntu0.18.10.1
devel	not-affected	60.7.2+build2-0ubuntu1
disco	not-affected	60.7.1+build1-0ubuntu0.19.04.1
eoan	not-affected	60.7.2+build2-0ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored]
esm-infra/focal	DNE
focal	not-affected	60.7.2+build2-0ubuntu1
groovy	not-affected	60.7.2+build2-0ubuntu1

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	uses system expat
cosmic	ignored	end of life
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored
cosmic	ignored
devel	DNE
disco	ignored
eoan	ignored
esm-apps/bionic	ignored
esm-apps/xenial	ignored
esm-infra-legacy/trusty	ignored
esm-infra/focal	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-apps/xenial	not-affected	uses system expat
esm-infra-legacy/trusty	not-affected	uses system expat
esm-infra/focal	DNE
focal	DNE

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	uses system expat
cosmic	not-affected	uses system expat
devel	not-affected	uses system expat
disco	not-affected	uses system expat
eoan	not-affected	uses system expat
esm-apps/bionic	not-affected	uses system expat
esm-apps/focal	not-affected	uses system expat
esm-apps/jammy	not-affected	uses system expat
esm-apps/noble	not-affected	uses system expat

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
groovy	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [uses system expat]]
esm-infra/focal	DNE
focal	DNE
groovy	DNE

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	code not present
cosmic	not-affected	code not present
devel	not-affected	code not present
disco	not-affected	code not present
eoan	not-affected	code not present
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
esm-apps/noble	not-affected	code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 43%

0.00201

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-9233

CVSS3: 7.5

redhat

около 8 лет назад

CVE-2017-9233

CVSS3: 7.5

nvd

почти 8 лет назад

CVE-2017-9233

CVSS3: 7.5

debian

почти 8 лет назад

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat ...

GHSA-6j8w-m4cc-r7hm

CVSS3: 7.5

github

около 3 лет назад

BDU:2018-00112

CVSS3: 7.5

fstec

почти 8 лет назад

Уязвимость функции entityValueInitProcessor библиотеки для анализа XML-файлов libexpat, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 43%

0.00201

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2017-9233

Описание

Пакет apache2

Пакет apr-util

Пакет audacity

Пакет ayttm

Пакет cableswig

Пакет cadaver

Пакет cmake

Пакет coin3

Пакет expat

Пакет firefox

Пакет gdcm

Пакет ghostscript

Пакет insighttoolkit

Пакет insighttoolkit4

Пакет kompozer

Пакет libparagui1.1

Пакет libxmltok

Пакет matanza

Пакет poco

Пакет simgear

Пакет sitecopy

Пакет smart

Пакет swish-e

Пакет tdom

Пакет texlive-bin

Пакет thunderbird

Пакет tla

Пакет vnc4

Пакет vtk

Пакет wbxml2

Пакет wxwidgets2.6

Пакет wxwidgets2.8

Пакет xmlrpc-c

Ссылки на источники

Связанные уязвимости