In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
http://seclists.org/fulldisclosure/2019/Dec/23
http://seclists.org/fulldisclosure/2019/Dec/26
http://seclists.org/fulldisclosure/2019/Dec/27
http://seclists.org/fulldisclosure/2019/Dec/30
https://access.redhat.com/errata/RHSA-2019:3210
https://access.redhat.com/errata/RHSA-2019:3237
https://access.redhat.com/errata/RHSA-2019:3756
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
https://github.com/libexpat/libexpat/issues/317
https://github.com/libexpat/libexpat/issues/342
https://github.com/libexpat/libexpat/pull/318
https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html
https://seclists.org/bugtraq/2019/Dec/17
https://seclists.org/bugtraq/2019/Dec/21
https://seclists.org/bugtraq/2019/Dec/23
https://seclists.org/bugtraq/2019/Nov/1
https://seclists.org/bugtraq/2019/Nov/24
https://seclists.org/bugtraq/2019/Oct/29
https://seclists.org/bugtraq/2019/Sep/30
https://seclists.org/bugtraq/2019/Sep/37
https://security.gentoo.org/glsa/201911-08
https://security.netapp.com/advisory/ntap-20190926-0004/
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://support.apple.com/kb/HT210793
https://support.apple.com/kb/HT210794
https://support.apple.com/kb/HT210795
https://usn.ubuntu.com/4132-1/
https://usn.ubuntu.com/4132-2/
https://usn.ubuntu.com/4165-1/
https://usn.ubuntu.com/4202-1/
https://usn.ubuntu.com/4335-1/
https://www.debian.org/security/2019/dsa-4530
https://www.debian.org/security/2019/dsa-4549
https://www.debian.org/security/2019/dsa-4571
Source: MITRE
Published: 2019-09-04
Updated: 2020-10-20
Type: CWE-776
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
147315 | NewStart CGSL MAIN 6.02 : expat Multiple Vulnerabilities (NS-SA-2021-0083) | Nessus | NewStart CGSL Local Security Checks | high |
147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
147278 | NewStart CGSL CORE 5.04 / MAIN 5.04 : expat Multiple Vulnerabilities (NS-SA-2021-0026) | Nessus | NewStart CGSL Local Security Checks | high |
146038 | CentOS 8 : expat (CESA-2020:4484) | Nessus | CentOS Local Security Checks | high |
145641 | CentOS 8 : thunderbird (CESA-2019:3237) | Nessus | CentOS Local Security Checks | medium |
145572 | CentOS 8 : firefox (CESA-2019:3196) | Nessus | CentOS Local Security Checks | medium |
144990 | Amazon Linux AMI : expat (ALAS-2021-1459) | Nessus | Amazon Linux Local Security Checks | high |
144463 | Amazon Linux AMI : expat (ALAS-2020-1460) (deprecated) | Nessus | Amazon Linux Local Security Checks | high |
143071 | RHEL 8 : expat (RHSA-2020:4484) | Nessus | Red Hat Local Security Checks | high |
142796 | Oracle Linux 8 : expat (ELSA-2020-4484) | Nessus | Oracle Linux Local Security Checks | high |
141963 | Amazon Linux 2 : expat (ALAS-2020-1513) | Nessus | Amazon Linux Local Security Checks | high |
141698 | Scientific Linux Security Update : expat on SL7.x x86_64 (20201001) | Nessus | Scientific Linux Local Security Checks | high |
141594 | CentOS 7 : expat (CESA-2020:3952) | Nessus | CentOS Local Security Checks | high |
141223 | Oracle Linux 7 : expat (ELSA-2020-3952) | Nessus | Oracle Linux Local Security Checks | high |
141017 | RHEL 7 : expat (RHSA-2020:3952) | Nessus | Red Hat Local Security Checks | high |
138081 | Apple iCloud 7.x < 7.16 Multiple Vulnerabilities | Nessus | Windows | high |
138078 | Apple iCloud 10.x < 10.9 Multiple Vulnerabilities | Nessus | Windows | high |
137716 | Photon OS 2.0: Expat PHSA-2020-2.0-0254 | Nessus | PhotonOS Local Security Checks | medium |
137705 | RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 (RHSA-2020:2644) | Nessus | Red Hat Local Security Checks | medium |
137638 | Photon OS 1.0: Expat PHSA-2020-1.0-0301 | Nessus | PhotonOS Local Security Checks | medium |
135896 | Ubuntu 16.04 LTS : Thunderbird vulnerabilities (USN-4335-1) | Nessus | Ubuntu Local Security Checks | high |
135607 | EulerOS Virtualization 3.0.2.2 : expat (EulerOS-SA-2020-1445) | Nessus | Huawei Local Security Checks | high |
134506 | EulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2020-1217) | Nessus | Huawei Local Security Checks | high |
134410 | NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0022) | Nessus | NewStart CGSL Local Security Checks | critical |
133448 | SUSE SLES12 Security Update : python36 (SUSE-SU-2020:0302-1) | Nessus | SuSE Local Security Checks | high |
133172 | openSUSE Security Update : python3 (openSUSE-2020-86) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
133071 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003) | Nessus | NewStart CGSL Local Security Checks | medium |
133036 | SUSE SLED15 / SLES15 Security Update : python3 (SUSE-SU-2020:0114-1) (BEAST) (httpoxy) | Nessus | SuSE Local Security Checks | critical |
132829 | EulerOS Virtualization for ARM 64 3.0.5.0 : expat (EulerOS-SA-2020-1075) | Nessus | Huawei Local Security Checks | medium |
132416 | Apple iTunes < 12.10.3 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |
132415 | Apple iTunes < 12.10.3 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
132264 | Amazon Linux 2 : thunderbird (ALAS-2019-1376) | Nessus | Amazon Linux Local Security Checks | medium |
132045 | Apple TV < 13.3 Multiple Vulnerabilities | Nessus | Misc. | high |
132024 | Apple iOS < 13.3 Multiple Vulnerabilities | Nessus | Mobile Devices | high |
132011 | Ubuntu 18.04 LTS / 19.10 : Thunderbird regression (USN-4202-2) | Nessus | Ubuntu Local Security Checks | medium |
131957 | macOS 10.15.x < 10.15.2 / 10.14.x < 10.14.6 Security Update 2019-002 / 10.13.x < 10.13.6 Security Update 2019-007 | Nessus | MacOS X Local Security Checks | high |
131587 | EulerOS 2.0 SP2 : expat (EulerOS-SA-2019-2433) | Nessus | Huawei Local Security Checks | high |
131405 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0215) | Nessus | NewStart CGSL Local Security Checks | medium |
131268 | GLSA-201911-08 : Expat: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
131139 | Debian DSA-4571-1 : thunderbird - security update | Nessus | Debian Local Security Checks | medium |
131136 | Debian DLA-1997-1 : thunderbird security update | Nessus | Debian Local Security Checks | medium |
130977 | CentOS 6 : thunderbird (CESA-2019:3756) | Nessus | CentOS Local Security Checks | medium |
130937 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2464) | Nessus | SuSE Local Security Checks | medium |
130936 | openSUSE Security Update : MozillaThunderbird (openSUSE-2019-2452) | Nessus | SuSE Local Security Checks | medium |
130890 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2459) | Nessus | SuSE Local Security Checks | medium |
130885 | openSUSE Security Update : MozillaFirefox / MozillaFirefox-branding-SLE (openSUSE-2019-2451) | Nessus | SuSE Local Security Checks | medium |
130854 | EulerOS 2.0 SP5 : expat (EulerOS-SA-2019-2145) | Nessus | Huawei Local Security Checks | high |
130812 | EulerOS 2.0 SP8 : expat (EulerOS-SA-2019-2103) | Nessus | Huawei Local Security Checks | medium |
130772 | Debian DLA-1987-1 : firefox-esr security update | Nessus | Debian Local Security Checks | medium |
130750 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20191106) | Nessus | Scientific Linux Local Security Checks | medium |
130742 | RHEL 6 : thunderbird (RHSA-2019:3756) | Nessus | Red Hat Local Security Checks | medium |
130718 | EulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2256) | Nessus | Huawei Local Security Checks | high |
130500 | openSUSE Security Update : chromium / re2 (openSUSE-2019-2420) | Nessus | SuSE Local Security Checks | medium |
130450 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2872-1) | Nessus | SuSE Local Security Checks | critical |
130449 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2019:2871-1) | Nessus | SuSE Local Security Checks | medium |
130436 | CentOS 7 : thunderbird (CESA-2019:3210) | Nessus | CentOS Local Security Checks | medium |
130434 | CentOS 7 : firefox (CESA-2019:3193) | Nessus | CentOS Local Security Checks | medium |
130415 | Oracle Linux 8 : thunderbird (ELSA-2019-3237) | Nessus | Oracle Linux Local Security Checks | medium |
130414 | Oracle Linux 7 : thunderbird (ELSA-2019-3210) | Nessus | Oracle Linux Local Security Checks | medium |
130386 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20191029) | Nessus | Scientific Linux Local Security Checks | medium |
130382 | RHEL 8 : thunderbird (RHSA-2019:3237) | Nessus | Red Hat Local Security Checks | medium |
130371 | RHEL 7 : thunderbird (RHSA-2019:3210) | Nessus | Red Hat Local Security Checks | medium |
130365 | Mozilla Thunderbird < 68.2 | Nessus | Windows | medium |
130364 | Mozilla Thunderbird < 68.2 | Nessus | MacOS X Local Security Checks | medium |
130288 | Debian DSA-4549-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | medium |
130275 | Google Chrome < 78.0.3904.70 Multiple Vulnerabilities | Nessus | Windows | medium |
130274 | Google Chrome < 78.0.3904.70 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
130248 | RHEL 8 : firefox (RHSA-2019:3196) | Nessus | Red Hat Local Security Checks | medium |
130247 | Oracle Linux 8 : firefox (ELSA-2019-3196) | Nessus | Oracle Linux Local Security Checks | medium |
130200 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Firefox vulnerabilities (USN-4165-1) | Nessus | Ubuntu Local Security Checks | medium |
130190 | RHEL 7 : firefox (RHSA-2019:3193) | Nessus | Red Hat Local Security Checks | medium |
130184 | Oracle Linux 7 : firefox (ELSA-2019-3193) | Nessus | Oracle Linux Local Security Checks | medium |
130172 | Mozilla Firefox ESR 68.x < 68.2 Multiple vulnerabilities | Nessus | Windows | medium |
130171 | Mozilla Firefox ESR 68.x < 68.2 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
130170 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | Windows | medium |
130169 | Mozilla Firefox < 70.0 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | medium |
130158 | Slackware 14.2 / current : mozilla-firefox (SSA:2019-295-01) | Nessus | Slackware Local Security Checks | medium |
130079 | Slackware 14.0 / 14.1 / 14.2 / current : python (SSA:2019-293-01) | Nessus | Slackware Local Security Checks | medium |
130077 | FreeBSD : python 3.7 -- multiple vulnerabilities (9b7491fb-f253-11e9-a50c-000c29c4dc65) | Nessus | FreeBSD Local Security Checks | medium |
129620 | Fedora 31 : expat (2019-613edfe68b) | Nessus | Fedora Local Security Checks | medium |
129511 | Fedora 29 : expat (2019-672ae0f060) | Nessus | Fedora Local Security Checks | medium |
129457 | openSUSE Security Update : expat (openSUSE-2019-2205) | Nessus | SuSE Local Security Checks | medium |
129456 | openSUSE Security Update : expat (openSUSE-2019-2204) | Nessus | SuSE Local Security Checks | medium |
129322 | Fedora 30 : expat (2019-9505c6b555) | Nessus | Fedora Local Security Checks | medium |
129288 | SUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2019:2440-1) | Nessus | SuSE Local Security Checks | medium |
129283 | SUSE SLED15 / SLES15 Security Update : expat (SUSE-SU-2019:2429-1) | Nessus | SuSE Local Security Checks | medium |
129108 | Debian DSA-4530-1 : expat - security update | Nessus | Debian Local Security Checks | medium |
128963 | Slackware 14.0 / 14.1 / 14.2 / current : expat (SSA:2019-259-01) | Nessus | Slackware Local Security Checks | medium |
128874 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Expat vulnerability (USN-4132-1) | Nessus | Ubuntu Local Security Checks | medium |