CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
expat is vulnerable to denial of service (DoS). The XML parser does not validate or properly handle XML names that contain a large number of colons, so parsing such input consumes high CPU and memory.
lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
github.com/libexpat/libexpat/issues/186
github.com/libexpat/libexpat/pull/262
github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
lists.debian.org/debian-lts-announce/2019/06/msg00028.html
lists.fedoraproject.org/archives/list/[email protected]/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
lists.fedoraproject.org/archives/list/[email protected]/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
seclists.org/bugtraq/2019/Jun/39
security.gentoo.org/glsa/201911-08
security.netapp.com/advisory/ntap-20190703-0001/
support.f5.com/csp/article/K51011533
usn.ubuntu.com/4040-1/
usn.ubuntu.com/4040-2/
www.debian.org/security/2019/dsa-4472
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.tenable.com/security/tns-2021-11