CVE-2019-15903

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

References

https://github.com/libexpat/libexpat/pull/318

https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43

https://github.com/libexpat/libexpat/issues/317

https://usn.ubuntu.com/4132-1/

https://github.com/libexpat/libexpat/issues/342

https://seclists.org/bugtraq/2019/Sep/30

http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html

https://usn.ubuntu.com/4132-2/

https://lists.fedoraproject.org/archives/list/[email protected]/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/

https://www.debian.org/security/2019/dsa-4530

https://seclists.org/bugtraq/2019/Sep/37

https://lists.fedoraproject.org/archives/list/[email protected]/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/

https://security.netapp.com/advisory/ntap-20190926-0004/

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/

https://seclists.org/bugtraq/2019/Oct/29

http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html

http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html

https://usn.ubuntu.com/4165-1/

https://www.debian.org/security/2019/dsa-4549

https://access.redhat.com/errata/RHSA-2019:3237

https://access.redhat.com/errata/RHSA-2019:3210

https://seclists.org/bugtraq/2019/Nov/1

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html

https://access.redhat.com/errata/RHSA-2019:3756

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html

https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html

https://seclists.org/bugtraq/2019/Nov/24

https://www.debian.org/security/2019/dsa-4571

https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html

https://security.gentoo.org/glsa/201911-08

https://usn.ubuntu.com/4202-1/

https://support.apple.com/kb/HT210788

https://support.apple.com/kb/HT210785

https://support.apple.com/kb/HT210790

https://support.apple.com/kb/HT210789

https://seclists.org/bugtraq/2019/Dec/21

https://seclists.org/bugtraq/2019/Dec/23

https://seclists.org/bugtraq/2019/Dec/17

https://support.apple.com/kb/HT210793

https://support.apple.com/kb/HT210795

https://support.apple.com/kb/HT210794

http://seclists.org/fulldisclosure/2019/Dec/23

http://seclists.org/fulldisclosure/2019/Dec/26

http://seclists.org/fulldisclosure/2019/Dec/27

http://seclists.org/fulldisclosure/2019/Dec/30

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://usn.ubuntu.com/4335-1/

https://www.oracle.com/security-alerts/cpuoct2020.html

https://www.tenable.com/security/tns-2021-11

Details

Source: MITRE

Published: 2019-09-04

Updated: 2021-06-15

Type: CWE-125

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Tenable Plugins

View all (90 total)

IDNameProductFamilySeverity
150798Tenable Nessus 8.x.x < 8.15.0 Multiple Vulnerabilities (TNS-2021-11)NessusMisc.
medium
147315NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083)NessusNewStart CGSL Local Security Checks
high
147312NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002)NessusNewStart CGSL Local Security Checks
critical
147278NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Multiple Vulnerabilities (NS-SA-2021-0026)NessusNewStart CGSL Local Security Checks
high
146038CentOS 8 : expat (CESA-2020:4484)NessusCentOS Local Security Checks
high
145641CentOS 8 : thunderbird (CESA-2019:3237)NessusCentOS Local Security Checks
high
145572CentOS 8 : firefox (CESA-2019:3196)NessusCentOS Local Security Checks
high
144990Amazon Linux AMI : expat (ALAS-2021-1459)NessusAmazon Linux Local Security Checks
high
144463Amazon Linux AMI : expat (ALAS-2020-1460) (deprecated)NessusAmazon Linux Local Security Checks
high
143071RHEL 8 : expat (RHSA-2020:4484)NessusRed Hat Local Security Checks
high
142796Oracle Linux 8 : expat (ELSA-2020-4484)NessusOracle Linux Local Security Checks
high
141963Amazon Linux 2 : expat (ALAS-2020-1513)NessusAmazon Linux Local Security Checks
high
141698Scientific Linux Security Update : expat on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
high
141594CentOS 7 : expat (CESA-2020:3952)NessusCentOS Local Security Checks
high
141223Oracle Linux 7 : expat (ELSA-2020-3952)NessusOracle Linux Local Security Checks
high
141017RHEL 7 : expat (RHSA-2020:3952)NessusRed Hat Local Security Checks
high
138081Apple iCloud 7.x < 7.16 Multiple VulnerabilitiesNessusWindows
high
138078Apple iCloud 10.x < 10.9 Multiple VulnerabilitiesNessusWindows
high
137716Photon OS 2.0: Expat PHSA-2020-2.0-0254NessusPhotonOS Local Security Checks
high
137705RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644)NessusRed Hat Local Security Checks
medium
137638Photon OS 1.0: Expat PHSA-2020-1.0-0301NessusPhotonOS Local Security Checks
high
135896Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1)NessusUbuntu Local Security Checks
critical
135607EulerOS Virtualization 3.0.2.2 : expat (EulerOS-SA-2020-1445)NessusHuawei Local Security Checks
critical
134506EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2020-1217)NessusHuawei Local Security Checks
critical
134410NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022)NessusNewStart CGSL Local Security Checks
critical
133448SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1)NessusSuSE Local Security Checks
critical
133172openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy)NessusSuSE Local Security Checks
critical
133071NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003)NessusNewStart CGSL Local Security Checks
high
133036SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy)NessusSuSE Local Security Checks
critical
132829EulerOS Virtualization for ARM 64 3.0.5.0 : expat (EulerOS-SA-2020-1075)NessusHuawei Local Security Checks
high
132416Apple iTunes < 12.10.3 Multiple Vulnerabilities (credentialed check)NessusWindows
high
132415Apple iTunes < 12.10.3 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
132264Amazon Linux 2 : thunderbird (ALAS-2019-1376)NessusAmazon Linux Local Security Checks
high
132045Apple TV < 13.3 Multiple VulnerabilitiesNessusMisc.
high
132024Apple iOS < 13.3 Multiple VulnerabilitiesNessusMobile Devices
high
132011Ubuntu 18.04 LTS / 19.10 : Thunderbird regression (USN-4202-2)NessusUbuntu Local Security Checks
high
131957macOS 10.15.x < 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007NessusMacOS X Local Security Checks
high
131587EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-2433)NessusHuawei Local Security Checks
critical
131405NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0215)NessusNewStart CGSL Local Security Checks
high
131268GLSA-201911-08 : Expat: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
131139Debian DSA-4571-1 : thunderbird - security updateNessusDebian Local Security Checks
high
131136Debian DLA-1997-1 : thunderbird security updateNessusDebian Local Security Checks
high
130977CentOS 6 : thunderbird (CESA-2019:3756)NessusCentOS Local Security Checks
high
130937openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464)NessusSuSE Local Security Checks
high
130936openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452)NessusSuSE Local Security Checks
high
130890openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459)NessusSuSE Local Security Checks
high
130885openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2451)NessusSuSE Local Security Checks
high
130854EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-2145)NessusHuawei Local Security Checks
critical
130812EulerOS 2.0 SP8 : expat (EulerOS-SA-2019-2103)NessusHuawei Local Security Checks
high
130772Debian DLA-1987-1 : firefox-esr security updateNessusDebian Local Security Checks
high
130750Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106)NessusScientific Linux Local Security Checks
high
130742RHEL 6 : thunderbird (RHSA-2019:3756)NessusRed Hat Local Security Checks
high
130718EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2256)NessusHuawei Local Security Checks
critical
130500openSUSE Security Update : chromium / re2 (openSUSE-2019-2420)NessusSuSE Local Security Checks
high
130450SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1)NessusSuSE Local Security Checks
critical
130449SUSE SLED15 / SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2019:2871-1)NessusSuSE Local Security Checks
high
130436CentOS 7 : thunderbird (CESA-2019:3210)NessusCentOS Local Security Checks
high
130434CentOS 7 : firefox (CESA-2019:3193)NessusCentOS Local Security Checks
high
130415Oracle Linux 8 : thunderbird (ELSA-2019-3237)NessusOracle Linux Local Security Checks
high
130414Oracle Linux 7 : thunderbird (ELSA-2019-3210)NessusOracle Linux Local Security Checks
high
130386Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029)NessusScientific Linux Local Security Checks
high
130382RHEL 8 : thunderbird (RHSA-2019:3237)NessusRed Hat Local Security Checks
high
130371RHEL 7 : thunderbird (RHSA-2019:3210)NessusRed Hat Local Security Checks
high
130365Mozilla Thunderbird < 68.2NessusWindows
high
130364Mozilla Thunderbird < 68.2NessusMacOS X Local Security Checks
high
130288Debian DSA-4549-1 : firefox-esr - security updateNessusDebian Local Security Checks
high
130275Google Chrome < 78.0.3904.70 Multiple VulnerabilitiesNessusWindows
high
130274Google Chrome < 78.0.3904.70 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
130248RHEL 8 : firefox (RHSA-2019:3196)NessusRed Hat Local Security Checks
high
130247Oracle Linux 8 : firefox (ELSA-2019-3196)NessusOracle Linux Local Security Checks
high
130200Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Firefox vulnerabilities (USN-4165-1)NessusUbuntu Local Security Checks
high
130190RHEL 7 : firefox (RHSA-2019:3193)NessusRed Hat Local Security Checks
high
130184Oracle Linux 7 : firefox (ELSA-2019-3193)NessusOracle Linux Local Security Checks
high
130172Mozilla Firefox ESR 68.x < 68.2 Multiple vulnerabilitiesNessusWindows
high
130171Mozilla Firefox ESR 68.x < 68.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
130170Mozilla Firefox < 70.0 Multiple VulnerabilitiesNessusWindows
high
130169Mozilla Firefox < 70.0 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
130158Slackware 14.2 / current : mozilla-firefox (SSA:2019-295-01)NessusSlackware Local Security Checks
high
130079Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-293-01)NessusSlackware Local Security Checks
critical
130077FreeBSD : python 3.7 -- multiple vulnerabilities (9b7491fb-f253-11e9-a50c-000c29c4dc65)NessusFreeBSD Local Security Checks
high
129620Fedora 31 : expat (2019-613edfe68b)NessusFedora Local Security Checks
high
129511Fedora 29 : expat (2019-672ae0f060)NessusFedora Local Security Checks
high
129457openSUSE Security Update : expat (openSUSE-2019-2205)NessusSuSE Local Security Checks
high
129456openSUSE Security Update : expat (openSUSE-2019-2204)NessusSuSE Local Security Checks
high
129322Fedora 30 : expat (2019-9505c6b555)NessusFedora Local Security Checks
high
129288SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2019:2440-1)NessusSuSE Local Security Checks
high
129283SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2019:2429-1)NessusSuSE Local Security Checks
high
129108Debian DSA-4530-1 : expat - security updateNessusDebian Local Security Checks
high
128963Slackware 14.0 / 14.1 / 14.2 / current : expat (SSA:2019-259-01)NessusSlackware Local Security Checks
high
128874Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Expat vulnerability (USN-4132-1)NessusUbuntu Local Security Checks
high