Lucene search

Veracode Vulnerability DatabaseVERACODE:12247

HistoryJan 15, 2019 - 9:14 a.m.

Denial Of Service (DoS) Or Arbitrary Code Execution

2019-01-1509:14:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

expat is vulnerable to denial of service (DoS) or arbitrary code execution attacks. When users input malformed document, expat XML parser mishandles the input which causes a buffer overflow during the processing and error reporting. This leading to a denial of service and conceivably result in remote code execution.

CPENameOperatorVersion
expateq2.0.1__9.1.el6
expateq2.0.1__11.el6_2
expat:trustyeq2.1.0-4ubuntu1
expat:preciseeq2.0.1-7.2ubuntu1
firefox:preciseeq11.0+build1
firefox:xenialeq45.0.2+build1
firefox:trustyeq28.0+build2
expateq2.0.1__9.1.el6
expateq2.0.1__11.el6_2
expat:trustyeq2.1.0-4ubuntu1

Name	Operator	Version
expat	eq	2.0.1__9.1.el6
expat	eq	2.0.1__11.el6_2
expat:trusty	eq	2.1.0-4ubuntu1
expat:precise	eq	2.0.1-7.2ubuntu1
firefox:precise	eq	11.0+build1
firefox:xenial	eq	45.0.2+build1
firefox:trusty	eq	28.0+build2
expat	eq	2.0.1__9.1.el6
expat	eq	2.0.1__11.el6_2
expat:trusty	eq	2.1.0-4ubuntu1

Rows per page:

1-10 of 141

References

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html

packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html

rhn.redhat.com/errata/RHSA-2016-2824.html

seclists.org/fulldisclosure/2017/Feb/68

support.eset.com/ca6333/

www.debian.org/security/2016/dsa-3582

www.mozilla.org/security/announce/2016/mfsa2016-68.html

www.openwall.com/lists/oss-security/2016/05/17/12

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.securityfocus.com/bid/90729

www.securitytracker.com/id/1036348

www.securitytracker.com/id/1036415

www.securitytracker.com/id/1037705

www.ubuntu.com/usn/USN-2983-1

www.ubuntu.com/usn/USN-3044-1

access.redhat.com/errata/RHSA-2016:2824

access.redhat.com/errata/RHSA-2018:2486

access.redhat.com/security/cve/CVE-2016-0718

access.redhat.com/security/updates/classification/#moderate

bugzilla.mozilla.org/show_bug.cgi?id=1236923

bugzilla.redhat.com/show_bug.cgi?id=1296102

kc.mcafee.com/corporate/index?page=content&id=SB10365

rhn.redhat.com/errata/RHSA-2016-2824.html

security.gentoo.org/glsa/201701-21

source.android.com/security/bulletin/2016-11-01.html

support.apple.com/HT206903

www.tenable.com/security/tns-2016-20

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Denial Of Service (DoS) Or Arbitrary Code Execution

References

Related