CVE-2012-1148

MEDIUM

Description

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

References

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167

http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html

http://rhn.redhat.com/errata/RHSA-2012-0731.html

http://rhn.redhat.com/errata/RHSA-2016-0062.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://secunia.com/advisories/49504

http://secunia.com/advisories/51024

http://secunia.com/advisories/51040

http://sourceforge.net/projects/expat/files/expat/2.1.0/

http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127

http://www.debian.org/security/2012/dsa-2525

http://www.mandriva.com/security/advisories?name=MDVSA-2012:041

http://www.securityfocus.com/bid/52379

http://www.securitytracker.com/id/1034344

http://www.ubuntu.com/usn/USN-1527-1

http://www.ubuntu.com/usn/USN-1613-1

http://www.ubuntu.com/usn/USN-1613-2

https://support.apple.com/HT205637

Details

Source: MITRE

Published: 2012-07-03

Updated: 2018-01-05

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:libexpat:expat:1.95.1:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:1.95.2:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:1.95.4:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:1.95.5:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:1.95.6:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:1.95.7:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:1.95.8:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:libexpat:expat:*:*:*:*:*:*:*:* versions up to 2.0.1 (inclusive)

Configuration 2

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.1 (inclusive)

Tenable Plugins

View all (24 total)

ID	Name	Product	Family	Severity
100027	Apple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check)	Nessus	MacOS X Local Security Checks	high
100026	Apple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
100025	Apple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
9325	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	high
89039	VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2012-0016) (remote check)	Nessus	Misc.	high
87321	Mac OS X Multiple Vulnerabilities (Security Updates 2015-005 / 2015-008)	Nessus	MacOS X Local Security Checks	critical
87314	Mac OS X 10.11.x < 10.11.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
86013	F5 Networks BIG-IP : Expat vulnerabilities (K16949)	Nessus	F5 Networks Local Security Checks	medium
80669	Oracle Solaris Third-Party Patch Update : libexpat (multiple_resource_management_error_vulnerabilities)	Nessus	Solaris Local Security Checks	medium
69696	Amazon Linux AMI : expat (ALAS-2012-89)	Nessus	Amazon Linux Local Security Checks	medium
68543	Oracle Linux 5 / 6 : expat (ELSA-2012-0731)	Nessus	Oracle Linux Local Security Checks	medium
64127	SuSE 11.1 Security Update : expat (SAT Patch Number 6200)	Nessus	SuSE Local Security Checks	medium
62944	VMSA-2012-0016 : VMware security updates for vSphere API and ESX Service Console	Nessus	VMware ESX Local Security Checks	high
62620	Ubuntu 8.04 LTS : python2.4 vulnerabilities (USN-1613-2)	Nessus	Ubuntu Local Security Checks	medium
62619	Ubuntu 8.04 LTS : python2.5 vulnerabilities (USN-1613-1)	Nessus	Ubuntu Local Security Checks	medium
62287	GLSA-201209-06 : Expat: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
62036	Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : xmlrpc-c vulnerabilities (USN-1527-2)	Nessus	Ubuntu Local Security Checks	medium
61485	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : expat vulnerabilities (USN-1527-1)	Nessus	Ubuntu Local Security Checks	medium
61441	Debian DSA-2525-1 : expat - several vulnerabilities	Nessus	Debian Local Security Checks	medium
61327	Scientific Linux Security Update : expat on SL5.x, SL6.x i386/x86_64 (20120613)	Nessus	Scientific Linux Local Security Checks	medium
59639	SuSE 10 Security Update : expat (ZYPP Patch Number 8015)	Nessus	SuSE Local Security Checks	medium
59491	RHEL 5 / 6 : expat (RHSA-2012:0731)	Nessus	Red Hat Local Security Checks	medium
59482	CentOS 5 / 6 : expat (CESA-2012:0731)	Nessus	CentOS Local Security Checks	medium
58506	Mandriva Linux Security Advisory : expat (MDVSA-2012:041)	Nessus	Mandriva Local Security Checks	medium