ID CVE-2019-15903
Summary In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
References
Vulnerable Configurations
  • cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-10-2020 - 22:15)
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Infiltration of Hardware Development Environment
    An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment firefox is earlier than 0:68.2.0-1.el7_7
        oval oval:com.redhat.rhsa:tst:20193193001
      • comment firefox is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100861006
    rhsa
    id RHSA-2019:3193
    released 2019-10-24
    severity Critical
    title RHSA-2019:3193: firefox security update (Critical)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment firefox is earlier than 0:68.2.0-2.el8_0
            oval oval:com.redhat.rhsa:tst:20193196001
          • comment firefox is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861006
        • AND
          • comment firefox-debugsource is earlier than 0:68.2.0-2.el8_0
            oval oval:com.redhat.rhsa:tst:20193196003
          • comment firefox-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190966004
    rhsa
    id RHSA-2019:3196
    released 2019-10-24
    severity Critical
    title RHSA-2019:3196: firefox security update (Critical)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment thunderbird is earlier than 0:68.2.0-1.el7_7
        oval oval:com.redhat.rhsa:tst:20193210001
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896002
    rhsa
    id RHSA-2019:3210
    released 2019-10-29
    severity Important
    title RHSA-2019:3210: thunderbird security update (Important)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment thunderbird is earlier than 0:68.2.0-1.el8_0
            oval oval:com.redhat.rhsa:tst:20193237001
          • comment thunderbird is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100896002
        • AND
          • comment thunderbird-debugsource is earlier than 0:68.2.0-1.el8_0
            oval oval:com.redhat.rhsa:tst:20193237003
          • comment thunderbird-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191144004
    rhsa
    id RHSA-2019:3237
    released 2019-10-29
    severity Important
    title RHSA-2019:3237: thunderbird security update (Important)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment thunderbird is earlier than 0:68.2.0-2.el6_10
        oval oval:com.redhat.rhsa:tst:20193756001
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896002
    rhsa
    id RHSA-2019:3756
    released 2019-11-06
    severity Important
    title RHSA-2019:3756: thunderbird security update (Important)
rpms
  • firefox-0:68.2.0-1.el7_7
  • firefox-debuginfo-0:68.2.0-1.el7_7
  • firefox-0:68.2.0-2.el8_0
  • firefox-debuginfo-0:68.2.0-2.el8_0
  • firefox-debugsource-0:68.2.0-2.el8_0
  • thunderbird-0:68.2.0-1.el7_7
  • thunderbird-debuginfo-0:68.2.0-1.el7_7
  • thunderbird-0:68.2.0-1.el8_0
  • thunderbird-debuginfo-0:68.2.0-1.el8_0
  • thunderbird-debugsource-0:68.2.0-1.el8_0
  • thunderbird-0:68.2.0-2.el6_10
  • thunderbird-debuginfo-0:68.2.0-2.el6_10
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7
refmap via4
bugtraq
  • 20190917 [slackware-security] expat (SSA:2019-259-01)
  • 20190923 [SECURITY] [DSA 4530-1] expat security update
  • 20191021 [slackware-security] python (SSA:2019-293-01)
  • 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update
  • 20191118 [SECURITY] [DSA 4571-1] thunderbird security update
  • 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3
  • 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1
confirm
debian
  • DSA-4530
  • DSA-4549
  • DSA-4571
fedora
  • FEDORA-2019-613edfe68b
  • FEDORA-2019-672ae0f060
  • FEDORA-2019-9505c6b555
fulldisc
  • 20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
  • 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • 20191213 APPLE-SA-2019-12-10-5 tvOS 13.3
  • 20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1
gentoo GLSA-201911-08
misc
mlist
  • [debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update
  • [debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update
suse
  • openSUSE-SU-2019:2204
  • openSUSE-SU-2019:2205
  • openSUSE-SU-2019:2420
  • openSUSE-SU-2019:2424
  • openSUSE-SU-2019:2425
  • openSUSE-SU-2019:2447
  • openSUSE-SU-2019:2451
  • openSUSE-SU-2019:2452
  • openSUSE-SU-2019:2459
  • openSUSE-SU-2019:2464
  • openSUSE-SU-2020:0010
  • openSUSE-SU-2020:0086
ubuntu
  • USN-4132-1
  • USN-4132-2
  • USN-4165-1
  • USN-4202-1
  • USN-4335-1
Last major update 20-10-2020 - 22:15
Published 04-09-2019 - 06:15
Last modified 20-10-2020 - 22:15
Back to Top