Lucene search
AmazonALAS-2020-1460HistoryDec 16, 2020 - 8:31 p.m.
Medium: expat
2020-12-1620:31:00
alas.aws.amazon.com
27
0.582 Medium
EPSS
Percentile
97.7%
Issue Overview:
It was discovered that the “setElementTypePrefix()” function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service. (CVE-2018-20843 __)
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. (CVE-2019-15903 __)
Affected Packages:
expat
Issue Correction:
Run yum update expat to update your system.
New Packages:
i686:
expat-2.1.0-12.24.amzn1.i686
expat-debuginfo-2.1.0-12.24.amzn1.i686
expat-devel-2.1.0-12.24.amzn1.i686
src:
expat-2.1.0-12.24.amzn1.src
x86_64:
expat-debuginfo-2.1.0-12.24.amzn1.x86_64
expat-devel-2.1.0-12.24.amzn1.x86_64
expat-2.1.0-12.24.amzn1.x86_64
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | x86_64 | expat | < 2.1.0-12.24.amzn1 | expat-2.1.0-12.24.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | expat-debuginfo | < 2.1.0-12.24.amzn1 | expat-debuginfo-2.1.0-12.24.amzn1.x86_64.rpm |
| Amazon Linux | 1 | i686 | expat-devel | < 2.1.0-12.24.amzn1 | expat-devel-2.1.0-12.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | expat | < 2.1.0-12.24.amzn1 | expat-2.1.0-12.24.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | expat-debuginfo | < 2.1.0-12.24.amzn1 | expat-debuginfo-2.1.0-12.24.amzn1.i686.rpm |
| Amazon Linux | 1 | src | expat | < 2.1.0-12.24.amzn1 | expat-2.1.0-12.24.amzn1.src.rpm |
| Amazon Linux | 1 | x86_64 | expat-devel | < 2.1.0-12.24.amzn1 | expat-devel-2.1.0-12.24.amzn1.x86_64.rpm |
Related
ubuntu
ubuntu
VTK vulnerabilities
2021-03-15 00:00:00
Expat vulnerability
2019-06-26 00:00:00
Expat vulnerability
2019-06-26 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4852-1)
2023-01-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1835-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1834-1)
2021-04-19 00:00:00
almalinux
almalinux
Moderate: expat security update
2020-11-03 12:09:00
Moderate: mingw-expat security update
2020-11-03 12:41:03
centos
centos
expat security update
2020-10-20 17:58:03
osv
osv
vtk vulnerabilities
2021-03-15 22:38:15
Moderate: expat security update
2020-11-03 12:09:00
expat - security update
2019-06-29 00:00:00
nessus
nessus
Oracle Linux 7 : expat (ELSA-2020-3952)
2020-10-07 00:00:00
AlmaLinux 8 : expat (ALSA-2020:4484)
2022-02-09 00:00:00
GLSA-201911-08 : Expat: Multiple vulnerabilities
2019-11-25 00:00:00
oraclelinux
oraclelinux
expat security update
2020-11-10 00:00:00
expat security update
2020-10-06 00:00:00
gentoo
gentoo
Expat: Multiple vulnerabilities
2019-11-25 00:00:00
amazon
amazon
Medium: expat
2021-01-12 22:51:00
Medium: expat
2020-10-22 17:32:00
redhat
redhat
(RHSA-2020:3952) Moderate: expat security update
2020-09-29 07:46:19
(RHSA-2020:4484) Moderate: expat security update
2020-11-03 12:09:00
(RHSA-2020:4846) Moderate: mingw-expat security update
2020-11-03 12:41:03
rocky
rocky
expat security update
2020-11-03 12:09:00
mingw-expat security update
2020-11-03 00:00:00
ibm
ibm
altlinux
altlinux
Security fix for the ALT Linux 9 package expat version 2.2.9-alt1
2020-05-31 00:00:00
mageia
mageia
Updated expat packages fix security vulnerability
2019-09-15 15:11:55
Updated expat packages fix security vulnerability
2019-11-08 02:36:48
cvelist
cvelist
CVE-2018-20843
2019-06-24 16:06:38
CVE-2019-15903
2019-09-04 05:59:16
debian
debian
[SECURITY] [DLA 1839-1] expat security update
2019-06-29 18:59:53
[SECURITY] [DSA 4472-1] expat security update
2019-06-28 09:30:19
[SECURITY] [DLA 1912-1] expat security update
2019-09-06 14:21:17
fedora
fedora
[SECURITY] Fedora 30 Update: expat-2.2.7-1.fc30
2019-07-10 00:51:48
[SECURITY] Fedora 29 Update: expat-2.2.7-1.fc29
2019-07-16 03:22:19
[SECURITY] Fedora 30 Update: expat-2.2.8-1.fc30
2019-09-25 01:08:45
veracode
veracode
Denial Of Service (DoS)
2019-07-01 08:36:31
Denial Of Service (Dos)
2019-09-05 06:48:20
redhatcve
redhatcve
CVE-2018-20843
2020-04-04 05:18:28
CVE-2019-15903
2019-12-28 03:54:22
cve
cve
CVE-2018-20843
2019-06-24 17:15:09
CVE-2019-15903
2019-09-04 06:15:10
nvd
nvd
CVE-2018-20843
2019-06-24 17:15:09
CVE-2019-15903
2019-09-04 06:15:10
debiancve
debiancve
CVE-2018-20843
2019-06-24 17:15:09
CVE-2019-15903
2019-09-04 06:15:10
ubuntucve
ubuntucve
CVE-2018-20843
2019-06-24 00:00:00
CVE-2019-15903
2019-09-04 00:00:00
cbl_mariner
cbl_mariner
CVE-2018-20843 affecting package expat 2.2.6-4
2020-09-09 06:09:14
CVE-2019-15903 affecting package expat 2.2.6-4
2022-01-10 03:59:19
f5
f5
K51011533 : Expat XML parser vulnerability CVE-2018-20843
2019-07-18 00:00:00
K34239812 : Libexpat vulnerability CVE-2019-15903
2022-08-05 00:00:00
K05295469 : Expat vulnerability CVE-2019-15903
2022-02-03 00:00:00
alpinelinux
alpinelinux
CVE-2018-20843
2019-06-24 17:15:09
CVE-2019-15903
2019-09-04 06:15:10
cloudfoundry
cloudfoundry
USN-4040-1: Expat vulnerability | Cloud Foundry
2019-08-28 00:00:00
USN-4132-1: Expat vulnerability | Cloud Foundry
2019-09-30 00:00:00
suse
suse
Security update for expat (moderate)
2019-07-21 00:00:00
Security update for expat (moderate)
2019-09-28 00:00:00
Security update for expat (moderate)
2019-09-28 00:00:00
prion
prion
Input validation
2019-06-24 17:15:00
Heap overflow
2019-09-04 06:15:00
freebsd
freebsd
python 3.7 -- multiple vulnerabilities
2019-09-14 00:00:00
slackware
slackware
[slackware-security] expat
2019-09-16 21:54:40
[slackware-security] python
2019-10-20 20:16:04
symantec
symantec
Libexpat Expat CVE-2019-15903 Heap Buffer Overflow Vulnerability
2019-09-04 00:00:00
photon
photon