expat is vulnerable to denial of service (DoS). The attack exists because XML parser does not validate and handle the XML names input with large number of colons, consuming high CPU and memory.
lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
github.com/libexpat/libexpat/issues/186
github.com/libexpat/libexpat/pull/262
github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
lists.debian.org/debian-lts-announce/2019/06/msg00028.html
lists.fedoraproject.org/archives/list/[email protected]/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
lists.fedoraproject.org/archives/list/[email protected]/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
seclists.org/bugtraq/2019/Jun/39
security.gentoo.org/glsa/201911-08
security.netapp.com/advisory/ntap-20190703-0001/
support.f5.com/csp/article/K51011533
usn.ubuntu.com/4040-1/
usn.ubuntu.com/4040-2/
www.debian.org/security/2019/dsa-4472
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpuoct2020.html
www.oracle.com/security-alerts/cpuoct2021.html
www.tenable.com/security/tns-2021-11