PT-2013-1369 · Expat+6

Published: 2013-02-19 · Updated: 2025-11-25 · CVE-2013-0340

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: expat versions 2.1.0 and earlier
Description: Expat versions 2.1.0 and earlier do not restrict entity expansion or external entity references on their own; the parser only refuses them if the application registers an XML_SetEntityDeclHandler callback and rejects the declarations itself. A remote attacker who can submit a crafted XML document to an Expat-based application can therefore exhaust CPU and memory through nested entity expansion (denial of service), cause the application to issue HTTP requests to intranet hosts through external entities whose system identifier points at an internal URL, or read arbitrary local files through external entities with a file system identifier. This is an XML External Entity (XXE) issue.
Recommendations: Update Expat to version 2.4.1 or later, which enforces an amplification limit on entity expansion. Where updating is not immediately possible, harden the application's own use of the parser: register an entity declaration handler with XML_SetEntityDeclHandler() and abort parsing with XML_StopParser() when any entity is declared; call XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_NEVER) so that external DTD subsets are never fetched; and do not install an XML_SetExternalEntityRefHandler that resolves system identifiers, or install one that returns failure, so that external entities cannot be used to read files or reach internal hosts. Language bindings built on Expat expose the same handlers under their own names and need the same treatment.
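The workaround above, worked through as an added example that is not part of the advisory or of the Expat project's code. It uses Python's standard-library binding to libexpat (xml.parsers.expat), where XML_SetEntityDeclHandler, XML_SetExternalEntityRefHandler and XML_SetParamEntityParsing appear as the EntityDeclHandler and ExternalEntityRefHandler attributes and the SetParamEntityParsing() method. The two attack documents and the benign document are constructed for the example; the external entity in the XXE sample is never fetched, because the declaration handler aborts the parse before the reference is reached.

```python
"""Default versus hardened Expat entity handling (added example, pyexpat binding)."""
import xml.parsers.expat as expat

# Constructed sample: an external entity whose system identifier is a local file
# (the file-read flavour of XXE; an http:// URL would give the intranet-request flavour).
XXE_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE root [
  <!ENTITY ext SYSTEM "file:///etc/hostname">
]>
<root>&ext;</root>
"""

# Constructed sample: two levels of nested general entities, 100 expansions in total
# (the resource-consumption flavour, kept small so it runs instantly).
LAUGHS_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
  <!ENTITY lol "lol">
  <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
  <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
]>
<lolz>&lol2;</lolz>
"""

# Constructed sample: no DTD at all; the hardened parser must still accept this.
BENIGN_DOC = b"<root><child>text</child></root>"


class EntityRejected(Exception):
    """Raised from the entity-declaration callback; pyexpat stops the parser
    and re-raises it from Parse(), which is how the parse is aborted."""


def parse_naive(data: bytes) -> str:
    """Default Expat usage: internal entities are expanded without any limit
    from the application's side, so LAUGHS_DOC yields 100 copies of 'lol'."""
    p = expat.ParserCreate()
    chunks = []
    p.CharacterDataHandler = chunks.append
    p.Parse(data, True)
    return "".join(chunks)


def parse_hardened(data: bytes) -> str:
    """Expat usage with the three controls from the recommendations applied:
    reject every entity declaration, refuse to resolve external references,
    and never parse parameter entities (so no external DTD subset is fetched)."""
    p = expat.ParserCreate()

    def reject_entity(name, is_param, value, base, system_id, public_id, notation):
        # Equivalent of XML_SetEntityDeclHandler + XML_StopParser in the C API.
        kind = "parameter" if is_param else "general"
        where = system_id if system_id is not None else "internal value"
        raise EntityRejected(f"{kind} entity {name!r} declared ({where})")

    def refuse_external(context, base, system_id, public_id):
        # Returning 0 is the failure code; Expat aborts with an ExpatError.
        return 0

    p.EntityDeclHandler = reject_entity
    p.ExternalEntityRefHandler = refuse_external
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    chunks = []
    p.CharacterDataHandler = chunks.append
    p.Parse(data, True)
    return "".join(chunks)


def is_accepted(data: bytes) -> bool:
    """True if the hardened parser processes the document, False if it rejects it."""
    try:
        parse_hardened(data)
        return True
    except (EntityRejected, expat.ExpatError):
        return False


if __name__ == "__main__":
    print("naive expansion of LAUGHS_DOC:", len(parse_naive(LAUGHS_DOC)), "characters")
    for label, doc in (("benign", BENIGN_DOC), ("xxe", XXE_DOC), ("laughs", LAUGHS_DOC)):
        print(f"hardened parser accepts {label}: {is_accepted(doc)}")
```

Rejecting every entity declaration is deliberately blunt: it also refuses documents that legitimately use internal entities. If those must be supported, the handler can instead allow declarations where system_id is None and is_param is 0 and count them, aborting once a small budget is exceeded; the refusal of external references and parameter-entity parsing should stay in place regardless.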

Tags: Exploit · Fix · DoS · XXE


Weakness Enumeration

Related Identifiers

ALT-PU-2021-2828
ALT-PU-2021-3530
ALT-PU-2022-1130
ALT-PU-2022-1176
ALT-PU-2023-1518
ALT-PU-2023-4107
ALT-PU-2024-2598
ALT-PU-2024-3474
BDU:2023-09069
CVE-2013-0340
OESA-2021-1261
OPENSUSE-SU-2024:10748-1
OPENSUSE-SU-2024:11285-1
PSF-2014-1
RHSA-2025:21776
RHSA-2025:22035
RHSA-2025:22607
RHSA-2025:22785
RHSA-2025:22842
RHSA-2025:22871
SUSE-SU-2025:20207-1
SUSE-SU-2025:20311-1

Affected Products

ALT Linux
CentOS
Debian
Expat
Apple macOS
Red Hat
RED OS