ID CVE-2019-15903
Summary In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
References
Vulnerable Configurations
  • cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:alpha4:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.1:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.1:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.2:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.2:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.3:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.3:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.4:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.4:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.5:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.5:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.6:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.6:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.7:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.7:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.5.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.5.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.1:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.1:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.2:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.2:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.3:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.3:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.4:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.4:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.6:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.6:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.7:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.7:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.9:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.9:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.10:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.10:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.11:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.11:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.12:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.12:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.12:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.12:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.13:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.13:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.13:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.13:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.14:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.14:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.14:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.14:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.14:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.15:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.15:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.15:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.15:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.15:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.15:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.16:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.16:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.16:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.16:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.7.17:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.7.17:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:alpha4:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.1:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.1:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.1:rc2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.1:rc2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.2:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.2:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.3:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.3:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.4:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.4:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.7.4:rc2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.7.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:alpha4:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.1:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.1:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.2:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.2:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.2:rc2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.3:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.3:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.4:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.4:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.5:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.5:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.6:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.6:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.7:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.7:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.7:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.7:rc2:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.7:rc2:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.8:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.8:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.9:-:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.9:-:*:*:*:*:*:*
  • cpe:2.3:a:python:python:3.6.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:python:python:3.6.9:rc1:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 28-07-2022 - 11:23)
Impact:
Exploitability:
CWE CWE-776
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment firefox is earlier than 0:68.2.0-1.el7_7
        oval oval:com.redhat.rhsa:tst:20193193001
      • comment firefox is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100861006
    rhsa
    id RHSA-2019:3193
    released 2019-10-24
    severity Critical
    title RHSA-2019:3193: firefox security update (Critical)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment firefox is earlier than 0:68.2.0-2.el8_0
            oval oval:com.redhat.rhsa:tst:20193196001
          • comment firefox is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861006
        • AND
          • comment firefox-debugsource is earlier than 0:68.2.0-2.el8_0
            oval oval:com.redhat.rhsa:tst:20193196003
          • comment firefox-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190966004
    rhsa
    id RHSA-2019:3196
    released 2019-10-24
    severity Critical
    title RHSA-2019:3196: firefox security update (Critical)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment thunderbird is earlier than 0:68.2.0-1.el7_7
        oval oval:com.redhat.rhsa:tst:20193210001
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896002
    rhsa
    id RHSA-2019:3210
    released 2019-10-29
    severity Important
    title RHSA-2019:3210: thunderbird security update (Important)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment thunderbird is earlier than 0:68.2.0-1.el8_0
            oval oval:com.redhat.rhsa:tst:20193237001
          • comment thunderbird is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100896002
        • AND
          • comment thunderbird-debugsource is earlier than 0:68.2.0-1.el8_0
            oval oval:com.redhat.rhsa:tst:20193237003
          • comment thunderbird-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191144004
    rhsa
    id RHSA-2019:3237
    released 2019-10-29
    severity Important
    title RHSA-2019:3237: thunderbird security update (Important)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment thunderbird is earlier than 0:68.2.0-2.el6_10
        oval oval:com.redhat.rhsa:tst:20193756001
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896002
    rhsa
    id RHSA-2019:3756
    released 2019-11-06
    severity Important
    title RHSA-2019:3756: thunderbird security update (Important)
  • bugzilla
    id 1752592
    title CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment expat is earlier than 0:2.1.0-12.el7
            oval oval:com.redhat.rhsa:tst:20203952001
          • comment expat is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731002
        • AND
          • comment expat-devel is earlier than 0:2.1.0-12.el7
            oval oval:com.redhat.rhsa:tst:20203952003
          • comment expat-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731004
        • AND
          • comment expat-static is earlier than 0:2.1.0-12.el7
            oval oval:com.redhat.rhsa:tst:20203952005
          • comment expat-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20162824009
    rhsa
    id RHSA-2020:3952
    released 2020-09-29
    severity Moderate
    title RHSA-2020:3952: expat security update (Moderate)
  • bugzilla
    id 1752592
    title CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment expat is earlier than 0:2.2.5-4.el8
            oval oval:com.redhat.rhsa:tst:20204484001
          • comment expat is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731002
        • AND
          • comment expat-debugsource is earlier than 0:2.2.5-4.el8
            oval oval:com.redhat.rhsa:tst:20204484003
          • comment expat-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20204484004
        • AND
          • comment expat-devel is earlier than 0:2.2.5-4.el8
            oval oval:com.redhat.rhsa:tst:20204484005
          • comment expat-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731004
    rhsa
    id RHSA-2020:4484
    released 2020-11-04
    severity Moderate
    title RHSA-2020:4484: expat security update (Moderate)
rpms
  • firefox-0:68.2.0-1.el7_7
  • firefox-debuginfo-0:68.2.0-1.el7_7
  • firefox-0:68.2.0-2.el8_0
  • firefox-debuginfo-0:68.2.0-2.el8_0
  • firefox-debugsource-0:68.2.0-2.el8_0
  • thunderbird-0:68.2.0-1.el7_7
  • thunderbird-debuginfo-0:68.2.0-1.el7_7
  • thunderbird-0:68.2.0-1.el8_0
  • thunderbird-debuginfo-0:68.2.0-1.el8_0
  • thunderbird-debugsource-0:68.2.0-1.el8_0
  • thunderbird-0:68.2.0-2.el6_10
  • thunderbird-debuginfo-0:68.2.0-2.el6_10
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7
  • expat-0:2.1.0-12.el7
  • expat-debuginfo-0:2.1.0-12.el7
  • expat-devel-0:2.1.0-12.el7
  • expat-static-0:2.1.0-12.el7
  • expat-0:2.2.5-4.el8
  • expat-debuginfo-0:2.2.5-4.el8
  • expat-debugsource-0:2.2.5-4.el8
  • expat-devel-0:2.2.5-4.el8
refmap via4
bugtraq
  • 20190917 [slackware-security] expat (SSA:2019-259-01)
  • 20190923 [SECURITY] [DSA 4530-1] expat security update
  • 20191021 [slackware-security] python (SSA:2019-293-01)
  • 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update
  • 20191118 [SECURITY] [DSA 4571-1] thunderbird security update
  • 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3
  • 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1
confirm
debian
  • DSA-4530
  • DSA-4549
  • DSA-4571
fedora
  • FEDORA-2019-613edfe68b
  • FEDORA-2019-672ae0f060
  • FEDORA-2019-9505c6b555
fulldisc
  • 20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
  • 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • 20191213 APPLE-SA-2019-12-10-5 tvOS 13.3
  • 20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1
gentoo GLSA-201911-08
misc
mlist
  • [debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update
  • [debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update
suse
  • openSUSE-SU-2019:2204
  • openSUSE-SU-2019:2205
  • openSUSE-SU-2019:2420
  • openSUSE-SU-2019:2424
  • openSUSE-SU-2019:2425
  • openSUSE-SU-2019:2447
  • openSUSE-SU-2019:2451
  • openSUSE-SU-2019:2452
  • openSUSE-SU-2019:2459
  • openSUSE-SU-2019:2464
  • openSUSE-SU-2020:0010
  • openSUSE-SU-2020:0086
ubuntu
  • USN-4132-1
  • USN-4132-2
  • USN-4165-1
  • USN-4202-1
  • USN-4335-1
Last major update 28-07-2022 - 11:23
Published 04-09-2019 - 06:15
Last modified 28-07-2022 - 11:23
Back to Top