OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVE-2022-23852

Expat aka libexpat before 2.4.4 has a signed integer overflow in XMLGetBuffer, for configurations with a nonzero XMLCONTEXTBYTES...

CVE-2022-23437 Infinite loop within Apache XercesJ xml parser

There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present withi...

CVE-2022-23437

Technical specifics for CVE-2022-23437 (Xerces-J infinite loop in XML parsing) are not disclosed in the provided connected documents. Monitor for vendor/maintainer updates; current entries reference the issue but do not provide detailed root-cause, affected versions beyond 2.12.1, or fixes.

[SECURITY] Fedora 35 Update: expat-2.4.3-1.fc35

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

Oracle Business Intelligence ReportTemplateService XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle Business Intelligence. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReportTemplateService endpoint, which listens on TCP port 9502 ...

Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them

Today XML External Entities XXE vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, the first in a series of three blog posts, we will try to demystify XXE vulnerabilities and...

Expat defineAttribute function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in defineAttribute in xmlparse.c when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary...

Expat addBinding function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in the addBinding in xmlparse.c when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary...

Expat build_model function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in buildmodel in xmlparse.c when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code ...

Expat storeAtt function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could...

Expat nextScaffoldPart buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in xmlparse.c in nextScaffoldPart when processing untrusted input. A remote attacker could exploit this vulnerability to execute arbitra...

Fix of 8 CVEs

CVE-2021-3517.patch: validate UTF8 in xmlEncodeEntities - CVE-2021-3518.patch: fix user-after-free with 'xmllint --xinclude --dropdtd' - CVE-2021-3537.patch: propagate error in xmlParseElementChildrenContentDeclPriv - CVE-2021-3541.patch: parser fix for the billion laughs attack -...

Integer overflow

storeAtts in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

CVE-2022-22823

buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

Expat has an unspecified vulnerability

Expat is a fast streaming XML parser written in C. Expat is vulnerable in versions prior to 2.4.3. The vulnerability stems from mgroupSize in Expat's xmlparse.c that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations...

Expat has an unspecified vulnerability

Expat is a fast streaming XML parser written in C. A security vulnerability exists in Expat, which stems from the fact that in Expat aka libexpat prior to 2.4.3, the storeAtts function in xmlparse.c shifted left by 29 or more bits may cause realloc misbehavior e.g., allocating too few bytes too...

CVE-2021-45960

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...

XML External Entity (XXE)

tinkerpop is vulnerable to XML external entity attacks. The gremlin-core package does not disable the XML input stream potentially allowing attackers to submit malicious XML to the XML parser and gain access to sensitive information...