First published: Tue Jul 25 2017
libexpat. Multiple issues were addressed by updating to version 2.2.1
Credit: CVE-2016-9063 CVE-2017-9233 cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iOS | <11 | 11 |
Apple tvOS | <11 | 11 |
Apple watchOS | <4 | 4 |
Apple macOS High Sierra | <10.13 | 10.13 |
Libexpat Project Libexpat | <=2.2.0 | |
Python Python | >=2.7.0, <2.7.15 | |
Python Python | >=3.3.0, <3.3.7 | |
Python Python | >=3.4.0, <3.4.7 | |
Python Python | >=3.5.0, <3.5.4 | |
Python Python | >=3.6.0, <3.6.2 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/expat | | 2.2.6-2+deb10u4, 2.2.6-2+deb10u6, 2.2.10-2+deb11u5, 2.5.0-1, 2.5.0-2 |
CVE-2017-9233 is an XML External Entity vulnerability in libexpat 2.2.0 and earlier.
CVE-2017-9233 has a severity of high (7.5).
CVE-2017-9233 allows attackers to put the libexpat parser in an infinite loop using a malformed external entity definition from an external DTD.
You can fix CVE-2017-9233 in libexpat on Debian by updating to version 2.2.6-2+deb10u4, 2.2.6-2+deb10u6, 2.2.10-2+deb11u5, 2.5.0-1, or 2.5.0-2.
Python versions 2.7.0 to before 2.7.15, 3.3.0 to before 3.3.7, 3.4.0 to before 3.4.7, 3.5.0 to before 3.5.4, and 3.6.0 to before 3.6.2 are affected by CVE-2017-9233.