The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

OSVersionArchitecturePackageVersionFilename
Debian12allexpat< 2.1.1-3expat_2.1.1-3_all.deb
Debian11allexpat< 2.1.1-3expat_2.1.1-3_all.deb
Debian10allexpat< 2.1.1-3expat_2.1.1-3_all.deb
Debian999allexpat< 2.1.1-3expat_2.1.1-3_all.deb
Debian13allexpat< 2.1.1-3expat_2.1.1-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	expat	< 2.1.1-3	expat_2.1.1-3_all.deb
Debian	11	all	expat	< 2.1.1-3	expat_2.1.1-3_all.deb
Debian	10	all	expat	< 2.1.1-3	expat_2.1.1-3_all.deb
Debian	999	all	expat	< 2.1.1-3	expat_2.1.1-3_all.deb
Debian	13	all	expat	< 2.1.1-3	expat_2.1.1-3_all.deb

alpinelinux 1

f5 4

nessus 56

openvas 51

redhatcve 1

osv 4

cve 2

veracode 3

prion 2

debian 4

freebsd 3

ubuntucve 3

archlinux 2

mageia 1

fedora 6

debiancve 1

ibm 21

centos 1

ubuntu 6

securityvulns 3

oraclelinux 3

amazon 1

redhat 4

cloudfoundry 1

slackware 2

gentoo 2

vmware 1

apple 4

suse 3

androidsecurity 1

oracle 2

alpinelinux

CVE-2016-5300

2016-06-16 18:59:00

SOL70938105 - Expat XML library vulnerability CVE-2016-5300

2016-10-26 00:00:00

K70938105 : Expat XML library vulnerability CVE-2016-5300

2016-10-26 00:00:00

SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148

2015-07-10 00:00:00

nessus

F5 Networks BIG-IP : Expat XML library vulnerability (K70938105)

2016-10-27 00:00:00

openSUSE Security Update : expat (openSUSE-2017-260)

2017-02-21 00:00:00

SUSE SLES11 Security Update : expat (SUSE-SU-2017:0415-1)

2017-02-08 00:00:00

openvas

F5 BIG-IP - SOL70938105 - Expat XML library vulnerability CVE-2016-5300

2016-10-28 00:00:00

Debian Security Advisory DSA 3597-1 (expat - security update)

2016-06-07 00:00:00

Debian Security Advisory DSA 3597-1 (expat - security update)

2016-06-07 00:00:00

redhatcve

CVE-2016-5300

2016-06-06 13:18:38

osv

CVE-2016-5300

2016-06-16 18:59:00

expat - security update

2016-06-07 00:00:00

expat - security update

2016-06-08 00:00:00

cve

CVE-2016-5300

2016-06-16 18:59:00

CVE-2012-0876

2012-07-03 19:55:00

veracode

Denial Of Service (DoS)

2017-02-01 06:06:40

Denial Of Service (DoS)

2019-01-15 08:52:02

Denial Of Service (DoS)

2019-05-02 04:41:51

prion

Code injection

2016-06-16 18:59:00

Code injection

2012-07-03 19:55:00

debian

[SECURITY] [DSA 3597-1] expat security update

2016-06-07 16:44:57

[SECURITY] [DSA 3597-1] expat security update

2016-06-07 16:44:57

[SECURITY] [DLA 508-1] expat security update

2016-06-08 09:29:13

freebsd

expat -- multiple vulnerabilities

2016-03-18 00:00:00

Python 2.7 -- multiple vulnerabilities

2017-08-26 00:00:00

python 2.7 -- multiple vulnerabilities

2018-05-01 00:00:00

ubuntucve

CVE-2016-5300

2016-06-06 00:00:00

CVE-2012-0876

2012-07-03 00:00:00

CVE-2012-6702

2012-12-31 00:00:00

archlinux

expat: multiple issues

2016-06-13 00:00:00

lib32-expat: multiple issues

2016-06-13 00:00:00

mageia

Updated expat packages fix security vulnerabilities

2016-06-17 08:58:14

fedora

[SECURITY] Fedora 15 Update: expat-2.1.0-1.fc15

2012-05-15 23:27:15

[SECURITY] Fedora 16 Update: expat-2.1.0-1.fc16

2012-05-01 00:51:58

[SECURITY] Fedora 17 Update: expat-2.1.0-1.fc17

2012-04-12 03:36:59

debiancve

CVE-2012-0876

2012-07-03 19:55:00

ibm

Security Bulletin: Vulnerabilities in Open Source Expact affect Tivoli Network Manager IP Edition

2018-06-17 15:34:31

Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics

2019-10-18 03:10:29

Security Bulletin: IBM Tivoli Monitoring Basic Services component. (CVE-2012-6702, CVE-2016-5300)

2018-06-17 15:35:17

centos

expat security update

2012-06-13 17:07:10

ubuntu

XML-RPC for C and C++ vulnerabilities

2012-09-10 00:00:00

Expat vulnerabilities

2012-08-10 00:00:00

Expat vulnerabilities

2016-06-20 00:00:00

securityvulns

expat security vulnerability

2012-04-02 00:00:00

[ MDVSA-2012:041 ] expat

2012-04-02 00:00:00

[ MDVSA-2012:096-1 ] python

2012-07-09 00:00:00

oraclelinux

expat security update

2012-06-13 00:00:00

python security update

2012-06-18 00:00:00

python security update

2012-06-18 00:00:00

amazon

Medium: expat

2012-06-19 15:59:00

redhat

(RHSA-2012:0731) Moderate: expat security update

2012-06-13 00:00:00

(RHSA-2016:0062) Moderate: Red Hat JBoss Web Server 2.1.0 security update

2016-01-21 15:45:11

(RHSA-2017:3239) Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update

2017-11-16 19:09:33

cloudfoundry

USN-3010-1 Expat vulnerabilities | Cloud Foundry

2016-07-13 00:00:00

slackware

[slackware-security] python

2018-05-04 20:53:50

[slackware-security] expat

2016-12-24 19:24:21

gentoo

Expat: Multiple vulnerabilities

2012-09-24 00:00:00

Expat: Multiple vulnerabilities

2017-01-11 00:00:00

vmware

VMware security updates for vSphere API and ESX Service Console

2012-11-15 00:00:00

apple

About the security content of iTunes 12.6 - Apple Support

2017-03-22 07:40:40

About the security content of iTunes 12.6

2017-03-21 00:00:00

About the security content of iTunes 12.6 for Windows

2017-03-21 00:00:00

suse

Security update for SLES 12-SP2 Docker image (important)

2017-10-11 03:08:09

Security update for SLES 12 Docker image (important)

2017-10-11 03:06:53

Security update for SLES 12-SP1 Docker image (important)

2017-10-11 03:07:32

androidsecurity

Android Security Bulletin—November 2016

2016-11-07 00:00:00

oracle

CPU July 2018

2018-07-17 00:00:00

Oracle Critical Patch Update Advisory - October 2020

2020-10-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.007 Low

EPSS

Percentile

80.7%

JSON

Related for DEBIANCVE:CVE-2016-5300