ID CVE-2018-20843
Summary In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
References
Vulnerable Configurations
  • cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_res_3700:5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_res_3700:5.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:-:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:4.4.1.15078:*:*:*:*:*:x64:*
  • cpe:2.3:a:tenable:nessus:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:5.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.8:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.10.9:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:6.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:nessus:8.14.0:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 18-04-2022 - 17:17)
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat via4
advisories
bugzilla
id 1723723
title CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • comment mingw32-expat is earlier than 0:2.2.4-5.el8
          oval oval:com.redhat.rhsa:tst:20204846001
        • comment mingw32-expat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204846002
      • AND
        • comment mingw64-expat is earlier than 0:2.2.4-5.el8
          oval oval:com.redhat.rhsa:tst:20204846003
        • comment mingw64-expat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20204846004
rhsa
id RHSA-2020:4846
released 2020-11-04
severity Moderate
title RHSA-2020:4846: mingw-expat security update (Moderate)
rpms
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7
  • expat-0:2.1.0-12.el7
  • expat-debuginfo-0:2.1.0-12.el7
  • expat-devel-0:2.1.0-12.el7
  • expat-static-0:2.1.0-12.el7
  • expat-0:2.2.5-4.el8
  • expat-debuginfo-0:2.2.5-4.el8
  • expat-debugsource-0:2.2.5-4.el8
  • expat-devel-0:2.2.5-4.el8
  • mingw32-expat-0:2.2.4-5.el8
  • mingw32-expat-debuginfo-0:2.2.4-5.el8
  • mingw64-expat-0:2.2.4-5.el8
  • mingw64-expat-debuginfo-0:2.2.4-5.el8
refmap via4
bugtraq 20190628 [SECURITY] [DSA 4472-1] expat security update
confirm
debian DSA-4472
fedora
  • FEDORA-2019-139fcda84d
  • FEDORA-2019-18868e1715
gentoo GLSA-201911-08
misc
mlist [debian-lts-announce] 20190629 [SECURITY] [DLA 1839-1] expat security update
suse openSUSE-SU-2019:1777
ubuntu
  • USN-4040-1
  • USN-4040-2
Last major update 18-04-2022 - 17:17
Published 24-06-2019 - 17:15
Last modified 18-04-2022 - 17:17