First published: Mon Jun 24 2019
libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el6 | 0:7.64.1-36.jbcs.el6 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el6 | 0:2.4.37-57.jbcs.el6 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el6 | 0:1.39.2-25.jbcs.el6 |
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el7 | 0:7.64.1-36.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el7 | 0:2.4.37-57.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el7 | 0:1.39.2-25.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-7.jbcs.el7 | 0:0.4.10-7.jbcs.el7 |
redhat/expat | <0:2.1.0-12.el7 | 0:2.1.0-12.el7 |
redhat/mingw-expat | <0:2.2.4-5.el8 | 0:2.2.4-5.el8 |
redhat/expat | <0:2.2.5-4.el8 | 0:2.2.5-4.el8 |
IBM RDNG | <=6.0.2 | |
IBM RDNG | <=6.0.6.1 | |
IBM RDNG | <=6.0.6 | |
IBM DOORS Next | <=7.0 | |
Libexpat Project Libexpat | <2.2.7 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Oracle Hospitality RES 3700 | >=5.7, <=5.7.6 | |
Oracle HTTP Server | =12.1.3.0 | |
Oracle HTTP Server | =12.2.1.4.0 | |
Oracle Outside In Technology | =8.5.4 | |
Oracle Outside In Technology | =8.5.5 | |
Tenable Nessus | <8.15.0 | |
debian/expat | <=2.2.6-1, <=2.2.0-2+deb9u1, <=2.2.0-1 | 2.2.6-2, 2.2.0-2+deb9u2 |
redhat/expat | <2.2.7 | 2.2.7 |
debian/expat | 2.2.6-2+deb10u4 2.2.6-2+deb10u7 2.2.10-2+deb11u5 2.5.0-1 2.6.2-1 | |
ubuntu/expat | <2.2.5-3ubuntu0.1 | 2.2.5-3ubuntu0.1 |
ubuntu/expat | <2.2.6-1ubuntu0.18.10 | 2.2.6-1ubuntu0.18.10 |
ubuntu/expat | <2.2.6-1ubuntu0.19.04 | 2.2.6-1ubuntu0.19.04 |
ubuntu/expat | <2.2.6-2 | 2.2.6-2 |
ubuntu/expat | <2.1.0-4ubuntu1.4+ | 2.1.0-4ubuntu1.4+ |
ubuntu/expat | <2.1.0-7ubuntu0.16.04.4 | 2.1.0-7ubuntu0.16.04.4 |
ubuntu/libxmltok | <1.2-4ubuntu0.18.04.1~ | 1.2-4ubuntu0.18.04.1~ |
ubuntu/libxmltok | <1.2-4ubuntu0.20.04.1~ | 1.2-4ubuntu0.20.04.1~ |
ubuntu/libxmltok | <1.2-4ubuntu0.22.04.1~ | 1.2-4ubuntu0.22.04.1~ |
ubuntu/libxmltok | <1.2-3ubuntu0.16.04.1~ | 1.2-3ubuntu0.16.04.1~ |
ubuntu/vtk | <5.8.0-14.1ubuntu3+ | 5.8.0-14.1ubuntu3+ |
ubuntu/vtk | <5.10.1+dfsg-2.1ubuntu0.1~ | 5.10.1+dfsg-2.1ubuntu0.1~ |
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6