CVE-2019-15903

expat: heap-based buffer over-read via crafted XML input

Severity Score: 7.5 (CVSS v3.1)
Exploit Likelihood: not given (EPSS)
Affected Versions: not given here (CPE); see the table at the end of the page
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Description

In libexpat before 2.2.8, crafted XML input could fool the parser into switching from DTD parsing to document parsing too early; a subsequent call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then read past the end of a heap buffer (heap-based buffer over-read). Only libexpat 2.2.8 and later carry the fix; applications cannot avoid the read from their side, because the same position code runs when expat reports a parse error.

*Credits: N/A
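The practical check for this CVE is which libexpat a program is actually linked against, since Python ships its own copy (see the affected Python versions at the end of the page). The following is an added example, not code from the advisory or the libexpat project: it compares the linked expat version with the 2.2.8 fix line and shows the Python names for the two position calls named in the description. The sample document is constructed for illustration only and does not trigger the bug.

```python
import xml.parsers.expat as expat

# First libexpat release carrying the fix, per the advisory text above.
FIXED_VERSION = (2, 2, 8)


def version_from_string(version_string):
    """Turn 'expat_2.2.8' (the format of expat.EXPAT_VERSION) into (2, 2, 8)."""
    numeric = version_string.rsplit("_", 1)[-1]
    return tuple(int(part) for part in numeric.split("."))


def has_fix(version_info=None):
    """True when the linked libexpat is 2.2.8 or later.

    version_info defaults to expat.version_info, i.e. the library this
    interpreter was built against (the bundled copy for CPython on Windows
    and macOS installers, the system libexpat on most Linux distributions).
    """
    if version_info is None:
        version_info = expat.version_info
    return tuple(version_info)[:3] >= FIXED_VERSION


def parse_with_positions(document):
    """Parse a document with an internal DTD subset and record, for every
    start tag, the (line, column) expat reports at that moment.

    CurrentLineNumber / CurrentColumnNumber are the pyexpat attributes that
    map to XML_GetCurrentLineNumber / XML_GetCurrentColumnNumber, the calls
    that performed the over-read on unfixed builds. Lines are 1-based and
    columns 0-based, as in the C API.
    """
    parser = expat.ParserCreate()
    positions = []

    def on_start(name, attrs):
        positions.append((name, parser.CurrentLineNumber,
                          parser.CurrentColumnNumber))

    parser.StartElementHandler = on_start
    parser.Parse(document, True)  # True: this is the final chunk
    return positions


# Constructed sample input (not taken from the advisory): an internal DTD
# subset that defines a general entity, followed by the document element.
SAMPLE = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE note [\n'
    b'  <!ENTITY who "world">\n'
    b']>\n'
    b'<note>\n'
    b'  <to>&who;</to>\n'
    b'</note>\n'
)


def main():
    print("linked libexpat:", expat.EXPAT_VERSION,
          "fixed for CVE-2019-15903:", has_fix())
    for name, line, col in parse_with_positions(SAMPLE):
        print(f"<{name}> starts at line {line}, column {col}")


if __name__ == "__main__":
    main()
```

Run it on each interpreter in use; a result of `fixed: False` means the only remedy is upgrading libexpat (or the Python build that bundles it), because pyexpat already calls the position functions internally when it raises ExpatError.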
CVSS Scores
CVSS v3.1 (base score 7.5; vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
  Attack Vector: Network
  Attack Complexity: Low
  Privileges Required: None
  User Interaction: None
  Scope: Unchanged
  Confidentiality: None
  Integrity: None
  Availability: High
CVSS v2 (vector AV:N/AC:L/Au:N/C:N/I:N/A:P, base score 5.0)
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality: None
  Integrity: None
  Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2019-09-04 CVE Reserved
  • 2019-09-04 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • 2024-08-28 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
  • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CAPEC
References (61)
URL  Tag
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html Third Party Advisory
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html Third Party Advisory
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/23 Mailing List
http://seclists.org/fulldisclosure/2019/Dec/26 Mailing List
http://seclists.org/fulldisclosure/2019/Dec/27 Mailing List
http://seclists.org/fulldisclosure/2019/Dec/30 Mailing List
https://github.com/libexpat/libexpat/issues/342 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html Mailing List
https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html Mailing List
https://seclists.org/bugtraq/2019/Dec/17 Mailing List
https://seclists.org/bugtraq/2019/Dec/21 Mailing List
https://seclists.org/bugtraq/2019/Dec/23 Mailing List
https://seclists.org/bugtraq/2019/Nov/1 Mailing List
https://seclists.org/bugtraq/2019/Nov/24 Mailing List
https://seclists.org/bugtraq/2019/Oct/29 Mailing List
https://seclists.org/bugtraq/2019/Sep/30 Mailing List
https://seclists.org/bugtraq/2019/Sep/37 Mailing List
https://security.netapp.com/advisory/ntap-20190926-0004 Third Party Advisory
https://support.apple.com/kb/HT210785 Third Party Advisory
https://support.apple.com/kb/HT210788 Third Party Advisory
https://support.apple.com/kb/HT210789 Third Party Advisory
https://support.apple.com/kb/HT210790 Third Party Advisory
https://support.apple.com/kb/HT210793 Third Party Advisory
https://support.apple.com/kb/HT210794 Third Party Advisory
https://support.apple.com/kb/HT210795 Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html Third Party Advisory
https://www.tenable.com/security/tns-2021-11 Third Party Advisory
URL  Last updated
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3210 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3237 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3756 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG 2023-11-07
https://security.gentoo.org/glsa/201911-08 2023-11-07
https://usn.ubuntu.com/4132-1 2023-11-07
https://usn.ubuntu.com/4132-2 2023-11-07
https://usn.ubuntu.com/4165-1 2023-11-07
https://usn.ubuntu.com/4202-1 2023-11-07
https://usn.ubuntu.com/4335-1 2023-11-07
https://www.debian.org/security/2019/dsa-4530 2023-11-07
https://www.debian.org/security/2019/dsa-4549 2023-11-07
https://www.debian.org/security/2019/dsa-4571 2023-11-07
https://access.redhat.com/security/cve/CVE-2019-15903 2021-03-22
https://bugzilla.redhat.com/show_bug.cgi?id=1752592 2021-03-22
Affected Vendors, Products, and Versions
Vendor            Product   Version              Status
Libexpat Project  Libexpat  < 2.2.8              Affected
Python            Python    >= 2.7.0 < 2.7.17    Affected
Python            Python    >= 3.5.0 < 3.5.8     Affected
Python            Python    >= 3.6.0 < 3.6.10    Affected
Python            Python    >= 3.7.0 < 3.7.5     Affected