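Vulnerability details
libexpat code issue vulnerability
Vulnerability summary
libexpat is a stream-oriented XML parser written in C.
libexpat versions before 2.2.7 contain a code issue vulnerability. An attacker can exploit it with XML input whose XML names contain a large number of colons, causing a denial of service (consumption of large amounts of RAM and CPU resources).
Vulnerability advisory
The vendor has released a patch that fixes the vulnerability. The patch is available at: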
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Reference URLs
Source: GENTOO
Link: https://security.gentoo.org/glsa/201911-08
Source: MISC
Link: https://github.com/libexpat/libexpat/issues/186
Source: MISC
Link: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Source: N/A
Link: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
Source: MISC
Link: https://github.com/libexpat/libexpat/pull/262
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
Source: CONFIRM
Link: https://security.netapp.com/advisory/ntap-20190703-0001/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
Source: CONFIRM
Link: https://www.tenable.com/security/tns-2021-11
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: MISC
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
Source: BUGTRAQ
Link: https://seclists.org/bugtraq/2019/Jun/39
Source: CONFIRM
Link: https://support.f5.com/csp/article/K51011533
Source: UBUNTU
Link: https://usn.ubuntu.com/4040-1/
Source: SUSE
Link: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
Source: UBUNTU
Link: https://usn.ubuntu.com/4040-2/
Source: github.com
Link: https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Source: DEBIAN
Link: https://www.debian.org/security/2019/dsa-4472
Source: MISC
Link: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: www.suse.com
Link: https://www.suse.com/support/update/announcement/2019/suse-su-20191835-1.html
Source: usn.ubuntu.com
Link: https://usn.ubuntu.com/4040-2/
Source: usn.ubuntu.com
Link: https://usn.ubuntu.com/4040-1/
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/1126605
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/884040
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/964768
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/1115085
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/959023
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/884030
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/884036
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/1106037
Source: www.debian.org
Link: http://www.debian.org/security/2019/dsa-4472
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/161536/Red-Hat-Security-Advisory-2020-5635-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3535/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.2602/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-http-server-affect-ibm-netezza-performance-portal/
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/1135354
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3826/
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpuapr2021.html
Source: www.oracle.com
Link: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052216
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.4679/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2657
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3729/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2162/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1727
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163747/Red-Hat-Security-Advisory-2021-3016-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1207
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-engineering-requirements-management-doors-next/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2142
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/161429/Red-Hat-Security-Advisory-2021-0436-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/161727/Red-Hat-Security-Advisory-2021-0778-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3389/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-http-server-vulnerabilities-2/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0171/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/159553/Red-Hat-Security-Advisory-2020-4255-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/155456/Gentoo-Linux-Security-Advisory-201911-08.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4100/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.0323/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-4/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0845
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0691
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-bootable-media-creator-bomc-is-affected-by-vulnerabilities-in-libexpat/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162694/Red-Hat-Security-Advisory-2021-2021-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0386/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0099/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160889/Red-Hat-Security-Advisory-2021-0050-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162130/Red-Hat-Security-Advisory-2021-1129-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160125/Red-Hat-Security-Advisory-2020-5149-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160961/Red-Hat-Security-Advisory-2021-0146-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0936
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/1127397
Source: www.nsfocus.net
Link: http://www.nsfocus.net/vulndb/46407
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/158168/Red-Hat-Security-Advisory-2020-2646-01.html
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-libexpat-vulnerabilities-cve-2018-20843-cve-2019-15903/
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-20843
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.4596/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0319/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/153456/Debian-Security-Advisory-4472-1.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.4513/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/159861/Red-Hat-Security-Advisory-2020-4846-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0234/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0584
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Expat-infinite-loop-via-XML-Names-Large-Colons-29637
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1193
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021063012
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/160624/Red-Hat-Security-Advisory-2020-5605-01.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021101930
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.2316/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.0737/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0864
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.0986
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.2368/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-6/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2604
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/159381/Red-Hat-Security-Advisory-2020-3952-01.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021042525
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilties-have-been-fixed-in-the-ibm-security-access-manager-and-ibm-security-verify-access-appliances/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/159661/Red-Hat-Security-Advisory-2020-4264-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/161916/Red-Hat-Security-Advisory-2021-0949-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162142/Red-Hat-Security-Advisory-2021-1079-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/153443/Ubuntu-Security-Notice-USN-4040-1.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.3631/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/161742/Red-Hat-Security-Advisory-2021-0799-01.html
Affected entities
None listed
Patches
- Fix for the Expat security vulnerability<!--2019-6-24-->