First published: Mon Jun 24 2019(Updated: )
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el6 | 0:7.64.1-36.jbcs.el6 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el6 | 0:2.4.37-57.jbcs.el6 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el6 | 0:1.39.2-25.jbcs.el6 |
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el7 | 0:7.64.1-36.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el7 | 0:2.4.37-57.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el7 | 0:1.39.2-25.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-7.jbcs.el7 | 0:0.4.10-7.jbcs.el7 |
redhat/expat | <0:2.1.0-12.el7 | 0:2.1.0-12.el7 |
redhat/mingw-expat | <0:2.2.4-5.el8 | 0:2.2.4-5.el8 |
redhat/expat | <0:2.2.5-4.el8 | 0:2.2.5-4.el8 |
Libexpat Project Libexpat | <2.2.7 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Oracle Hospitality RES 3700 | >=5.7<=5.7.6 | |
Oracle HTTP Server | =12.1.3.0 | |
Oracle HTTP Server | =12.2.1.4.0 | |
Oracle Outside In Technology | =8.5.4 | |
Oracle Outside In Technology | =8.5.5 | |
Tenable Nessus | <8.15.0 | |
debian/expat | <=2.2.6-1<=2.2.0-2+deb9u1<=2.2.0-1 | 2.2.6-2 2.2.0-2+deb9u2 |
redhat/expat | <2.2.7 | 2.2.7 |
IBM RDNG | <=6.0.2 | |
IBM RDNG | <=6.0.6.1 | |
IBM RDNG | <=6.0.6 | |
IBM DOORS Next | <=7.0 | |
debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1+deb12u1 2.6.4-1 |
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)