#VU42119 Resource exhaustion in expat


Published: 2014-01-21 | Updated: 2021-10-11

Vulnerability identifier: #VU42119

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-0340

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
expat
Universal components / Libraries / Libraries used by multiple products

Vendor: libexpat.org

Description

The vulnerability allows remote attackers to cause a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input within the expat library, when processing XML files. A remote attacker can pass specially crafted XML content to the affected library and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

expat: 1.95.1 - 2.0.1

External links
http://openwall.com/lists/oss-security/2013/02/22/3
http://securitytracker.com/id?1028213
http://www.openwall.com/lists/oss-security/2013/04/12/6
http://security.gentoo.org/glsa/201701-21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Rational ClearCase
Multiple vulnerabilities in IBM Tivoli Monitoring
Multiple vulnerabilities in IBM Security SiteProtector System
Multiple vulnerabilities in IBM HTTP Server
Multiple vulnerabilities in Apple tvOS
Multiple vulnerabilities in Apple watchOS
Multiple vulnerabilities in Apple iOS and iPadOS
Remote code execution in Apple macOS Catalina
Multiple vulnerabilities in Apple macOS Big Sur
openEuler 20.03 LTS SP1 update for expat