ID CVE-2018-20843
Summary In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
References
Vulnerable Configurations
  • cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 20-10-2021 - 11:15)
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1723723
title CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment mingw32-expat is earlier than 0:2.2.4-5.el8
          oval oval:com.redhat.rhsa:tst:20204846001
        • comment mingw32-expat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204846002
      • AND
        • comment mingw64-expat is earlier than 0:2.2.4-5.el8
          oval oval:com.redhat.rhsa:tst:20204846003
        • comment mingw64-expat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204846004
rhsa
id RHSA-2020:4846
released 2020-11-04
severity Moderate
title RHSA-2020:4846: mingw-expat security update (Moderate)
rpms
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7
  • expat-0:2.1.0-12.el7
  • expat-debuginfo-0:2.1.0-12.el7
  • expat-devel-0:2.1.0-12.el7
  • expat-static-0:2.1.0-12.el7
  • expat-0:2.2.5-4.el8
  • expat-debuginfo-0:2.2.5-4.el8
  • expat-debugsource-0:2.2.5-4.el8
  • expat-devel-0:2.2.5-4.el8
  • mingw32-expat-0:2.2.4-5.el8
  • mingw32-expat-debuginfo-0:2.2.4-5.el8
  • mingw64-expat-0:2.2.4-5.el8
  • mingw64-expat-debuginfo-0:2.2.4-5.el8
refmap via4
bugtraq 20190628 [SECURITY] [DSA 4472-1] expat security update
confirm
debian DSA-4472
fedora
  • FEDORA-2019-139fcda84d
  • FEDORA-2019-18868e1715
gentoo GLSA-201911-08
misc
mlist [debian-lts-announce] 20190629 [SECURITY] [DLA 1839-1] expat security update
suse openSUSE-SU-2019:1777
ubuntu
  • USN-4040-1
  • USN-4040-2
Last major update 20-10-2021 - 11:15
Published 24-06-2019 - 17:15
Last modified 20-10-2021 - 11:15
Back to Top