Search for packages
| purl | pkg:deb/ubuntu/expat@2.2.0-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4bzd-xbmz-aaaj
Aliases: CVE-2018-20843 |
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
Affected by 1 other vulnerability. |
|
VCID-gnd3-sds3-aaam
Aliases: CVE-2017-9233 |
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. |
Affected by 2 other vulnerabilities. |
|
VCID-jnbc-rb8g-aaaq
Aliases: CVE-2019-15903 |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-12vz-x2ff-aaam | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. |
CVE-2016-5300
|
| VCID-fekk-wkwz-aaae | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. |
CVE-2012-6702
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|