Lucene search
Veracode Vulnerability DatabaseVERACODE:2436HistoryJun 08, 2016 - 7:23 a.m.
Weak Cryptographic Protection
2016-06-0807:23:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.002 Low
EPSS
Percentile
60.9%
expat is vulnerable to having its cryptographic protection mechanisms defeated. This would only be possible when a parser that has not called XML_SetHashSalt or passed it a seed of 0. It is possible due to the use of the srand function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| expat | eq | 2.1 | |
| expat | eq | 2.1.0__10.el7_3 | |
| expat:3.3 | eq | 2.1.1-r1 | |
| expat:trusty | eq | 2.1.0-4ubuntu1 | |
| expat:precise | eq | 2.0.1-7.2ubuntu1 |
References
www.debian.org/security/2016/dsa-3597
www.openwall.com/lists/oss-security/2016/06/03/8
www.openwall.com/lists/oss-security/2016/06/04/1
www.securityfocus.com/bid/91483
www.ubuntu.com/usn/USN-3010-1
bugzilla.redhat.com/show_bug.cgi?id=1197087
security.gentoo.org/glsa/201701-21
source.android.com/security/bulletin/2016-11-01.html
sourceforge.net/p/expat/bugs/499/
sourceforge.net/p/expat/bugs/519/
www.tenable.com/security/tns-2016-20
Related
debiancve
debiancve
CVE-2012-6702
2016-06-16 18:59:00
cvelist
cvelist
CVE-2012-6702
2016-06-16 18:00:00
nvd
nvd
CVE-2012-6702
2016-06-16 18:59:00
prion
prion
Design/Logic Flaw
2016-06-16 18:59:00
cve
cve
CVE-2012-6702
2016-06-16 18:59:00
f5
f5
SOL65460334 - Expat XML parser vulnerability CVE-2012-6702
2016-09-06 00:00:00
K65460334 : Expat XML parser vulnerability CVE-2012-6702
2016-09-06 00:00:00
osv
osv
CVE-2012-6702
2016-06-16 18:59:00
expat - security update
2016-06-08 00:00:00
expat - security update
2016-06-07 00:00:00
nessus
nessus
F5 Networks BIG-IP : Expat XML parser vulnerability (K65460334)
2017-05-11 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Expat vulnerabilities (USN-3010-1)
2016-06-21 00:00:00
Debian DLA-508-1 : expat security update
2016-06-09 00:00:00
alpinelinux
alpinelinux
CVE-2012-6702
2016-06-16 18:59:00
ibm
ibm
ubuntucve
ubuntucve
CVE-2012-6702
2012-12-31 00:00:00
CVE-2016-5300
2016-06-06 00:00:00
ubuntu
ubuntu
Expat vulnerabilities
2016-06-20 00:00:00
XML-RPC for C and C++ vulnerabilities
2016-06-20 00:00:00
cloudfoundry
cloudfoundry
USN-3010-1 Expat vulnerabilities | Cloud Foundry
2016-07-13 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3010-1)
2016-06-21 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0424-1)
2021-04-19 00:00:00
Debian Security Advisory DSA 3597-1 (expat - security update)
2016-06-07 00:00:00
mageia
mageia
Updated expat packages fix security vulnerabilities
2016-06-17 08:58:14
archlinux
archlinux
expat: multiple issues
2016-06-13 00:00:00
lib32-expat: multiple issues
2016-06-13 00:00:00
debian
debian
[SECURITY] [DLA 508-1] expat security update
2016-06-08 09:29:13
[SECURITY] [DSA 3597-1] expat security update
2016-06-07 16:44:57
[SECURITY] [DSA 3597-1] expat security update
2016-06-07 16:44:57
freebsd
freebsd
expat -- multiple vulnerabilities
2016-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: expat-2.1.1-2.fc23
2016-06-19 07:27:54
[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22
2016-07-12 02:27:38
[SECURITY] Fedora 24 Update: expat-2.1.1-2.fc24
2016-06-21 19:27:49
gentoo
gentoo
Expat: Multiple vulnerabilities
2017-01-11 00:00:00
slackware
slackware
[slackware-security] expat
2016-12-24 19:24:21
apple
apple
About the security content of iTunes 12.6 - Apple Support
2017-03-22 07:40:40
About the security content of iTunes 12.6
2017-03-21 00:00:00
About the security content of iTunes 12.6 for Windows
2017-03-21 00:00:00
suse
suse
Security update for SLES 12-SP2 Docker image (important)
2017-10-11 03:08:09
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
androidsecurity
androidsecurity
Android Security BulletinβNovember 2016
2016-11-07 00:00:00