It was discovered that Expat, a C library to parse XML, is vulnerable
to denial of service through hash collisions and a memory leak in
pool handling.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.1-7+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 2.1.0~beta3-1.

For the unstable distribution (sid), this problem has been fixed in
version 2.1.0~beta3-1.

We recommend that you upgrade your expat packages.

CPENameOperatorVersion
expateq2.0.1-7

CPE	Name	Operator	Version
	expat	eq	2.0.1-7

References

www.debian.org/security/2012/dsa-2525

openvas 46

nessus 50

centos 1

ubuntu 5

securityvulns 3

f5 4

oraclelinux 3

redhat 4

veracode 3

amazon 1

debian 4

ibm 13

fedora 3

ubuntucve 4

gentoo 1

prion 3

debiancve 3

cve 3

alpinelinux 1

redhatcve 1

osv 4

freebsd 3

archlinux 2

mageia 1

vmware 1

slackware 1

apple 4

openvas

Amazon Linux: Security Advisory (ALAS-2012-89)

2015-09-08 00:00:00

RedHat Update for expat RHSA-2012:0731-01

2012-06-15 00:00:00

CentOS Update for expat CESA-2012:0731 centos6

2012-07-30 00:00:00

nessus

F5 Networks BIG-IP : Expat vulnerabilities (K16949)

2015-09-18 00:00:00

Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : expat vulnerabilities (USN-1527-1)

2012-08-10 00:00:00

CentOS 5 / 6 : expat (CESA-2012:0731)

2012-06-14 00:00:00

centos

expat security update

2012-06-13 17:07:10

ubuntu

XML-RPC for C and C++ vulnerabilities

2012-09-10 00:00:00

Expat vulnerabilities

2012-08-10 00:00:00

Python 2.4 vulnerabilities

2012-10-17 00:00:00

securityvulns

expat security vulnerability

2012-04-02 00:00:00

[ MDVSA-2012:041 ] expat

2012-04-02 00:00:00

[ MDVSA-2012:096-1 ] python

2012-07-09 00:00:00

SOL16949 - Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148

2015-07-10 00:00:00

K16949 : Expat vulnerabilities CVE-2012-0876 and CVE-2012-1148

2015-07-11 00:00:00

SOL70938105 - Expat XML library vulnerability CVE-2016-5300

2016-10-26 00:00:00

oraclelinux

expat security update

2012-06-13 00:00:00

python security update

2012-06-18 00:00:00

python security update

2012-06-18 00:00:00

redhat

(RHSA-2012:0731) Moderate: expat security update

2012-06-13 00:00:00

(RHSA-2016:0062) Moderate: Red Hat JBoss Web Server 2.1.0 security update

2016-01-21 15:45:11

(RHSA-2017:3239) Important: Red Hat JBoss Enterprise Application Platform 6.4.18 security update

2017-11-16 19:09:33

veracode

Denial Of Service (DoS)

2019-05-02 04:41:51

Denial Of Service (DoS)

2019-01-15 08:52:02

Denial Of Service (DoS)

2017-02-01 06:06:40

amazon

Medium: expat

2012-06-19 15:59:00

debian

[SECURITY] [DSA 2525-1] expat security update

2012-08-06 20:37:11

[SECURITY] [DSA 3597-1] expat security update

2016-06-07 16:44:57

[SECURITY] [DSA 3597-1] expat security update

2016-06-07 16:44:57

ibm

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server that is shipped with IBM Rational ClearQuest (CVE-2012-0876, CVE-2012-1148, CVE-2016-4472, CVE-2016-0718)

2020-02-04 16:40:40

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2012-0876, CVE-2012-1148, CVE-2016-4472, CVE-2016-0718)

2018-07-10 08:34:12

Security Bulletin: Multiple Denial of Service vulnerabilities with Expat might affect IBM HTTP Server used with IBM Security Network Protection

2018-06-16 21:45:41

fedora

[SECURITY] Fedora 15 Update: expat-2.1.0-1.fc15

2012-05-15 23:27:15

[SECURITY] Fedora 16 Update: expat-2.1.0-1.fc16

2012-05-01 00:51:58

[SECURITY] Fedora 17 Update: expat-2.1.0-1.fc17

2012-04-12 03:36:59

ubuntucve

CVE-2012-0876

2012-07-03 00:00:00

CVE-2012-1148

2012-07-03 00:00:00

CVE-2012-6702

2012-12-31 00:00:00

gentoo

Expat: Multiple vulnerabilities

2012-09-24 00:00:00

prion

Code injection

2012-07-03 19:55:00

Memory corruption

2012-07-03 19:55:00

Code injection

2016-06-16 18:59:00

debiancve

CVE-2012-0876

2012-07-03 19:55:00

CVE-2012-1148

2012-07-03 19:55:00

CVE-2016-5300

2016-06-16 18:59:00

cve

CVE-2012-0876

2012-07-03 19:55:00

CVE-2012-1148

2012-07-03 19:55:00

CVE-2016-5300

2016-06-16 18:59:00

alpinelinux

CVE-2016-5300

2016-06-16 18:59:00

redhatcve

CVE-2016-5300

2016-06-06 13:18:38

osv

CVE-2016-5300

2016-06-16 18:59:00

expat - security update

2016-06-07 00:00:00

expat - security update

2016-06-08 00:00:00

freebsd

expat -- multiple vulnerabilities

2016-03-18 00:00:00

Python 2.7 -- multiple vulnerabilities

2017-08-26 00:00:00

python 2.7 -- multiple vulnerabilities

2018-05-01 00:00:00

archlinux

expat: multiple issues

2016-06-13 00:00:00

lib32-expat: multiple issues

2016-06-13 00:00:00

mageia

Updated expat packages fix security vulnerabilities

2016-06-17 08:58:14

vmware

VMware security updates for vSphere API and ESX Service Console

2012-11-15 00:00:00

slackware

[slackware-security] python

2018-05-04 20:53:50

apple

About the security content of iTunes 12.6

2017-03-21 00:00:00

About the security content of iTunes 12.6 - Apple Support

2017-03-22 07:40:40

About the security content of iTunes 12.6 for Windows

2017-03-21 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for OSV:DSA-2525-1