CVE-2019-15903

MEDIUM

Description

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

References

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html

http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html

http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html

http://seclists.org/fulldisclosure/2019/Dec/23

http://seclists.org/fulldisclosure/2019/Dec/26

http://seclists.org/fulldisclosure/2019/Dec/27

http://seclists.org/fulldisclosure/2019/Dec/30

https://access.redhat.com/errata/RHSA-2019:3210

https://access.redhat.com/errata/RHSA-2019:3237

https://access.redhat.com/errata/RHSA-2019:3756

https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43

https://github.com/libexpat/libexpat/issues/317

https://github.com/libexpat/libexpat/issues/342

https://github.com/libexpat/libexpat/pull/318

https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html

https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/

https://lists.fedoraproject.org/archives/list/[email protected]/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/

https://lists.fedoraproject.org/archives/list/[email protected]/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/

https://seclists.org/bugtraq/2019/Dec/17

https://seclists.org/bugtraq/2019/Dec/21

https://seclists.org/bugtraq/2019/Dec/23

https://seclists.org/bugtraq/2019/Nov/1

https://seclists.org/bugtraq/2019/Nov/24

https://seclists.org/bugtraq/2019/Oct/29

https://seclists.org/bugtraq/2019/Sep/30

https://seclists.org/bugtraq/2019/Sep/37

https://security.gentoo.org/glsa/201911-08

https://security.netapp.com/advisory/ntap-20190926-0004/

https://support.apple.com/kb/HT210785

https://support.apple.com/kb/HT210788

https://support.apple.com/kb/HT210789

https://support.apple.com/kb/HT210790

https://support.apple.com/kb/HT210793

https://support.apple.com/kb/HT210794

https://support.apple.com/kb/HT210795

https://usn.ubuntu.com/4132-1/

https://usn.ubuntu.com/4132-2/

https://usn.ubuntu.com/4165-1/

https://usn.ubuntu.com/4202-1/

https://usn.ubuntu.com/4335-1/

https://www.debian.org/security/2019/dsa-4530

https://www.debian.org/security/2019/dsa-4549

https://www.debian.org/security/2019/dsa-4571

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuoct2020.html

Details

Source: MITRE

Published: 2019-09-04

Updated: 2020-10-20

Type: CWE-776

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Tenable Plugins


ID | Name | Product | Family | Severity
147315 | NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083) | Nessus | NewStart CGSL Local Security Checks | high
147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical
147278 | NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Multiple Vulnerabilities (NS-SA-2021-0026) | Nessus | NewStart CGSL Local Security Checks | high
146038 | CentOS 8 : expat (CESA-2020:4484) | Nessus | CentOS Local Security Checks | high
145641 | CentOS 8 : thunderbird (CESA-2019:3237) | Nessus | CentOS Local Security Checks | medium
145572 | CentOS 8 : firefox (CESA-2019:3196) | Nessus | CentOS Local Security Checks | medium
144990 | Amazon Linux AMI : expat (ALAS-2021-1459) | Nessus | Amazon Linux Local Security Checks | high
144463 | Amazon Linux AMI : expat (ALAS-2020-1460) (deprecated) | Nessus | Amazon Linux Local Security Checks | high
143071 | RHEL 8 : expat (RHSA-2020:4484) | Nessus | Red Hat Local Security Checks | high
142796 | Oracle Linux 8 : expat (ELSA-2020-4484) | Nessus | Oracle Linux Local Security Checks | high
141963 | Amazon Linux 2 : expat (ALAS-2020-1513) | Nessus | Amazon Linux Local Security Checks | high
141698 | Scientific Linux Security Update : expat on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | high
141594 | CentOS 7 : expat (CESA-2020:3952) | Nessus | CentOS Local Security Checks | high
141223 | Oracle Linux 7 : expat (ELSA-2020-3952) | Nessus | Oracle Linux Local Security Checks | high
141017 | RHEL 7 : expat (RHSA-2020:3952) | Nessus | Red Hat Local Security Checks | high
138081 | Apple iCloud 7.x < 7.16 Multiple Vulnerabilities | Nessus | Windows | high
138078 | Apple iCloud 10.x < 10.9 Multiple Vulnerabilities | Nessus | Windows | high
137716 | Photon OS 2.0: Expat PHSA-2020-2.0-0254 | Nessus | PhotonOS Local Security Checks | medium
137705 | RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644) | Nessus | Red Hat Local Security Checks | medium
137638 | Photon OS 1.0: Expat PHSA-2020-1.0-0301 | Nessus | PhotonOS Local Security Checks | medium
135896 | Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1) | Nessus | Ubuntu Local Security Checks | high
135607 | EulerOS Virtualization 3.0.2.2 : expat (EulerOS-SA-2020-1445) | Nessus | Huawei Local Security Checks | high
134506 | EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2020-1217) | Nessus | Huawei Local Security Checks | high
134410 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) | Nessus | NewStart CGSL Local Security Checks | critical
133448 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1) | Nessus | SuSE Local Security Checks | high
133172 | openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical
133071 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003) | Nessus | NewStart CGSL Local Security Checks | medium
133036 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical
132829 | EulerOS Virtualization for ARM 64 3.0.5.0 : expat (EulerOS-SA-2020-1075) | Nessus | Huawei Local Security Checks | medium
132416 | Apple iTunes < 12.10.3 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high
132415 | Apple iTunes < 12.10.3 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high
132264 | Amazon Linux 2 : thunderbird (ALAS-2019-1376) | Nessus | Amazon Linux Local Security Checks | medium
132045 | Apple TV < 13.3 Multiple Vulnerabilities | Nessus | Misc. | high
132024 | Apple iOS < 13.3 Multiple Vulnerabilities | Nessus | Mobile Devices | high
132011 | Ubuntu 18.04 LTS / 19.10 : Thunderbird regression (USN-4202-2) | Nessus | Ubuntu Local Security Checks | medium
131957 | macOS 10.15.x < 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007 | Nessus | MacOS X Local Security Checks | high
131587 | EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-2433) | Nessus | Huawei Local Security Checks | high
131405 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0215) | Nessus | NewStart CGSL Local Security Checks | medium
131268 | GLSA-201911-08 : Expat: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
131139 | Debian DSA-4571-1 : thunderbird - security update | Nessus | Debian Local Security Checks | medium
131136 | Debian DLA-1997-1 : thunderbird security update | Nessus | Debian Local Security Checks | medium
130977 | CentOS 6 : thunderbird (CESA-2019:3756) | Nessus | CentOS Local Security Checks | medium
130937 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464) | Nessus | SuSE Local Security Checks | medium
130936 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452) | Nessus | SuSE Local Security Checks | medium
130890 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459) | Nessus | SuSE Local Security Checks | medium
130885 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2451) | Nessus | SuSE Local Security Checks | medium
130854 | EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-2145) | Nessus | Huawei Local Security Checks | high
130812 | EulerOS 2.0 SP8 : expat (EulerOS-SA-2019-2103) | Nessus | Huawei Local Security Checks | medium
130772 | Debian DLA-1987-1 : firefox-esr security update | Nessus | Debian Local Security Checks | medium
130750 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106) | Nessus | Scientific Linux Local Security Checks | medium
130742 | RHEL 6 : thunderbird (RHSA-2019:3756) | Nessus | Red Hat Local Security Checks | medium
130718 | EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2256) | Nessus | Huawei Local Security Checks | high
130500 | openSUSE Security Update : chromium / re2 (openSUSE-2019-2420) | Nessus | SuSE Local Security Checks | medium
130450 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1) | Nessus | SuSE Local Security Checks | critical
130449 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2019:2871-1) | Nessus | SuSE Local Security Checks | medium
130436 | CentOS 7 : thunderbird (CESA-2019:3210) | Nessus | CentOS Local Security Checks | medium
130434 | CentOS 7 : firefox (CESA-2019:3193) | Nessus | CentOS Local Security Checks | medium
130415 | Oracle Linux 8 : thunderbird (ELSA-2019-3237) | Nessus | Oracle Linux Local Security Checks | medium
130414 | Oracle Linux 7 : thunderbird (ELSA-2019-3210) | Nessus | Oracle Linux Local Security Checks | medium
130386 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029) | Nessus | Scientific Linux Local Security Checks | medium
130382 | RHEL 8 : thunderbird (RHSA-2019:3237) | Nessus | Red Hat Local Security Checks | medium
130371 | RHEL 7 : thunderbird (RHSA-2019:3210) | Nessus | Red Hat Local Security Checks | medium
130365 | Mozilla Thunderbird < 68.2 | Nessus | Windows | medium
130364 | Mozilla Thunderbird < 68.2 | Nessus | MacOS X Local Security Checks | medium
130288 | Debian DSA-4549-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | medium
130275 | Google Chrome < 78.0.3904.70 Multiple Vulnerabilities | Nessus | Windows | medium
130274 | Google Chrome < 78.0.3904.70 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium
130248 | RHEL 8 : firefox (RHSA-2019:3196) | Nessus | Red Hat Local Security Checks | medium
130247 | Oracle Linux 8 : firefox (ELSA-2019-3196) | Nessus | Oracle Linux Local Security Checks | medium
130200 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Firefox vulnerabilities (USN-4165-1) | Nessus | Ubuntu Local Security Checks | medium
130190 | RHEL 7 : firefox (RHSA-2019:3193) | Nessus | Red Hat Local Security Checks | medium
130184 | Oracle Linux 7 : firefox (ELSA-2019-3193) | Nessus | Oracle Linux Local Security Checks | medium
130172 | Mozilla Firefox ESR 68.x < 68.2 Multiple vulnerabilities | Nessus | Windows | medium
130171 | Mozilla Firefox ESR 68.x < 68.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium
130170 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | Windows | medium
130169 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium
130158 | Slackware 14.2 / current : mozilla-firefox (SSA:2019-295-01) | Nessus | Slackware Local Security Checks | medium
130079 | Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-293-01) | Nessus | Slackware Local Security Checks | medium
130077 | FreeBSD : python 3.7 -- multiple vulnerabilities (9b7491fb-f253-11e9-a50c-000c29c4dc65) | Nessus | FreeBSD Local Security Checks | medium
129620 | Fedora 31 : expat (2019-613edfe68b) | Nessus | Fedora Local Security Checks | medium
129511 | Fedora 29 : expat (2019-672ae0f060) | Nessus | Fedora Local Security Checks | medium
129457 | openSUSE Security Update : expat (openSUSE-2019-2205) | Nessus | SuSE Local Security Checks | medium
129456 | openSUSE Security Update : expat (openSUSE-2019-2204) | Nessus | SuSE Local Security Checks | medium
129322 | Fedora 30 : expat (2019-9505c6b555) | Nessus | Fedora Local Security Checks | medium
129288 | SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2019:2440-1) | Nessus | SuSE Local Security Checks | medium
129283 | SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2019:2429-1) | Nessus | SuSE Local Security Checks | medium
129108 | Debian DSA-4530-1 : expat - security update | Nessus | Debian Local Security Checks | medium
128963 | Slackware 14.0 / 14.1 / 14.2 / current : expat (SSA:2019-259-01) | Nessus | Slackware Local Security Checks | medium
128874 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Expat vulnerability (USN-4132-1) | Nessus | Ubuntu Local Security Checks | medium