Lucene search

Veracode Vulnerability DatabaseVERACODE:3383

HistoryFeb 01, 2017 - 6:06 a.m.

Denial Of Service (DoS)

2017-02-0106:06:40

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

expat is susceptible to denial of service (DoS) attacks. The vulnerability is due to an incomplete fix of CVE-2012-0876 which leads to insufficient entropy for hash initialization.

CPENameOperatorVersion
expateq2.1
libexpat.soeq0.5.0
expateq2.1.0__10.el7_3
expat:3.3eq2.1.1-r1

Name	Operator	Version
expat	eq	2.1
libexpat.so	eq	0.5.0
expat	eq	2.1.0__10.el7_3
expat:3.3	eq	2.1.1-r1

References

seclists.org/oss-sec/2016/q2/473

www.debian.org/security/2016/dsa-3597

www.openwall.com/lists/oss-security/2016/06/04/4

www.openwall.com/lists/oss-security/2016/06/04/5

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.securityfocus.com/bid/91159

www.ubuntu.com/usn/USN-3010-1

bugzilla.redhat.com/show_bug.cgi?id=1343085

kc.mcafee.com/corporate/index?page=content&id=SB10365

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

security.gentoo.org/glsa/201701-21

source.android.com/security/bulletin/2016-11-01.html

sourceforge.net/p/expat/bugs/499/

www.tenable.com/security/tns-2016-20

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Denial Of Service (DoS)

References

Related