Do your applications use this vulnerable package?
Test your applications
Overview
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
References
- ADVISORY
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- BUGTRAQ
- Bugtraq Mailing List
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- CONFIRM
- DEBIAN
- DEBIAN
- DEBIAN
- Debian Security Tracker
- FEDORA
- FEDORA
- FEDORA
- FULLDISC
- FULLDISC
- FULLDISC
- FULLDISC
- GENTOO
- GitHub Commit
- GitHub Issue
- GitHub Issue
- GitHub PR
- MISC
- MISC
- MISC
- MISC
- MLIST
- MLIST
- N/A
- REDHAT
- REDHAT
- REDHAT
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- SUSE
- UBUNTU
- UBUNTU
- UBUNTU
- Ubuntu CVE Tracker
- Ubuntu Security Advisory
- Ubuntu Security Advisory
CVSS Score
7.5
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityNone
-
IntegrityNone
-
AvailabilityHigh
- CVE
- CVE-2019-15903
- CWE
- CWE-125 CWE-776
- Snyk ID
- SNYK-DEBIAN8-EXPAT-460797
- Disclosed
- 04 Sep, 2019
- Published
- 04 Sep, 2019