Vulnerability identifier: #VU42119

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2013-0340

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
expat
Universal components / Libraries / Libraries used by multiple products

Vendor: libexpat.org

Description

The vulnerability allows remote attackers to cause a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input within the expat library, when processing XML files. A remote attacker can pass specially crafted XML content to the affected library and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

expat: 1.95.1 - 2.0.1

---

CPE

• cpe:2.3:a:libexpat_org:libexpat:1.95.1:*:*:*:*:*:*:*

External links
http://openwall.com/lists/oss-security/2013/02/22/3
http://securitytracker.com/id?1028213
http://www.openwall.com/lists/oss-security/2013/04/12/6
http://security.gentoo.org/glsa/201701-21

---

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?