FreeBSD : expat2 -- Fix extraction of namespace prefixes from XML names (c5bd8a25-99a6-11e9-a598-f079596b62f9)

expat project reports : XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

FreeBSD : expat2 -- denial of service (ff76f0e0-3f11-11e6-b3c8-14dae9d210b8)

Adam Maris reports : It was found that original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch. %NASLMINLEVEL 7030...

FreeBSD Ports: expat2

The remote host is missing an update to the system as announced in the referenced advisory. VID e9fca207-e399-11de-881e-001aa0166822 OpenVAS Vulnerability Test $ Description: Auto generated from VID e9fca207-e399-11de-881e-001aa0166822 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

FreeBSD Ports: expat2

The remote host is missing an update to the system as announced in the referenced advisory. VID 5f030587-e39a-11de-881e-001aa0166822 OpenVAS Vulnerability Test $ Description: Auto generated from VID 5f030587-e39a-11de-881e-001aa0166822 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

FreeBSD Ports: expat2

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD Ports: expat2

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD : expat2 -- buffer over-read and crash (e9fca207-e399-11de-881e-001aa0166822)

CVE reports : The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related ...

FreeBSD : expat2 -- Parser crash with specially formatted UTF-8 sequences (5f030587-e39a-11de-881e-001aa0166822)

CVE reports : The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a...