CVE-2018-20843
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como para ser utilizables en ataques de denegación de servicio) .
It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service.
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-06-24 CVE Reserved
- 2019-06-24 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (23)
| URL | Tag | Source |
|---|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 | Issue Tracking | |
| https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes | Release Notes | |
| https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/Jun/39 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190703-0001 | Third Party Advisory |
|
| https://support.f5.com/csp/article/K51011533 | Third Party Advisory | |
| https://www.tenable.com/security/tns-2021-11 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/libexpat/libexpat/pull/262 | 2024-08-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libexpat Project Search vendor "Libexpat Project" | Libexpat Search vendor "Libexpat Project" for product "Libexpat" | < 2.2.7 Search vendor "Libexpat Project" for product "Libexpat" and version " < 2.2.7" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 29 Search vendor "Fedoraproject" for product "Fedora" and version "29" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.0 Search vendor "Opensuse" for product "Leap" and version "15.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Hospitality Res 3700 Search vendor "Oracle" for product "Hospitality Res 3700" | >= 5.7 <= 5.7.6 Search vendor "Oracle" for product "Hospitality Res 3700" and version " >= 5.7 <= 5.7.6" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.1.3.0 Search vendor "Oracle" for product "Http Server" and version "12.1.3.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.2.1.4.0 Search vendor "Oracle" for product "Http Server" and version "12.2.1.4.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.4 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Outside In Technology Search vendor "Oracle" for product "Outside In Technology" | 8.5.5 Search vendor "Oracle" for product "Outside In Technology" and version "8.5.5" | - |
Affected
| ||||||
| Tenable Search vendor "Tenable" | Nessus Search vendor "Tenable" for product "Nessus" | < 8.15.0 Search vendor "Tenable" for product "Nessus" and version " < 8.15.0" | - |
Affected
| ||||||