CVE-2018-20843 - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colo

CVE-2018-20843

Summary

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

References

Vulnerable Configurations

cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_res_3700:5.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_res_3700:5.7:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_res_3700:5.7.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hospitality_res_3700:5.7.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:-:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:-:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:4.4.1.15078:*:*:*:*:*:x64:*
cpe:2.3:a:tenable:nessus:4.4.1.15078:*:*:*:*:*:x64:*
cpe:2.3:a:tenable:nessus:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.3.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.4.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.5.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.6.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.6.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.8.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.9.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.6:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.7:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.8:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.8:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.9:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.10.9:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.11.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.12.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.12.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.12.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:6.12.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.1.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.2.5:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.7.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.7.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.7.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.8.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.9.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.9.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.9.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.10.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.10.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.10.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.11.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.11.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.12.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.12.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.12.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.13.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.13.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.13.1:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.13.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.13.2:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.14.0:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:8.14.0:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 18-04-2022 - 17:17)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

redhat via4

advisories

bugzilla

id	1723723
title	CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND
comment mingw32-expat is earlier than 0:2.2.4-5.el8
oval oval:com.redhat.rhsa:tst:20204846001
comment mingw32-expat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204846002
AND
comment mingw64-expat is earlier than 0:2.2.4-5.el8
oval oval:com.redhat.rhsa:tst:20204846003
comment mingw64-expat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20204846004

rhsa

id	RHSA-2020:4846
released	2020-11-04
severity	Moderate
title	RHSA-2020:4846: mingw-expat security update (Moderate)

rpms

jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6
jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7
jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6
jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7
jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6
jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7
jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6
jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7
jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6
jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7
jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6
jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7
jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6
jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7
jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6
jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7
jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6
jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7
jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6
jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7
jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6
jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7
jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6
jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7
jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6
jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7
jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7
jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6
jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7
jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6
jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7
jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6
jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7
jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6
jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7
jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6
jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7
jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6
jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7
jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6
jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7
jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6
jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7
jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6
jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7
jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6
jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6
jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7
jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6
jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7
jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7
jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7
expat-0:2.1.0-12.el7
expat-debuginfo-0:2.1.0-12.el7
expat-devel-0:2.1.0-12.el7
expat-static-0:2.1.0-12.el7
expat-0:2.2.5-4.el8
expat-debuginfo-0:2.2.5-4.el8
expat-debugsource-0:2.2.5-4.el8
expat-devel-0:2.2.5-4.el8
mingw32-expat-0:2.2.4-5.el8
mingw32-expat-debuginfo-0:2.2.4-5.el8
mingw64-expat-0:2.2.4-5.el8
mingw64-expat-debuginfo-0:2.2.4-5.el8

refmap via4

bugtraq	20190628 [SECURITY] [DSA 4472-1] expat security update
confirm	https://security.netapp.com/advisory/ntap-20190703-0001/ https://support.f5.com/csp/article/K51011533
debian	DSA-4472
fedora	FEDORA-2019-139fcda84d FEDORA-2019-18868e1715
gentoo	GLSA-201911-08
misc	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes https://github.com/libexpat/libexpat/issues/186 https://github.com/libexpat/libexpat/pull/262 https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuoct2020.html
mlist	[debian-lts-announce] 20190629 [SECURITY] [DLA 1839-1] expat security update
suse	openSUSE-SU-2019:1777
ubuntu	USN-4040-1 USN-4040-2

Last major update

18-04-2022 - 17:17

Published

24-06-2019 - 17:15

Last modified

18-04-2022 - 17:17