PT-2018-3004 · Expat+10

Published: 2018-01-10 · Updated: 2025-01-13 · CVE-2018-20843

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Expat versions prior to 2.2.7

Description: The XML parser in the Expat library can consume a large amount of RAM and CPU when processing XML input that contains XML names with a large number of colons. A remote attacker can exploit this to cause a denial of service and disrupt the affected service.

Recommendations: For versions prior to 2.2.7, update to version 2.2.7 or later to resolve the issue. As a temporary workaround, restrict the processing of XML inputs whose names contain a large number of colons to reduce the risk of exploitation.
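The temporary workaround above (reject inputs whose names carry many colons before the parser sees them) can be implemented as a cheap pre-parse filter. The following is an added example, not code from the advisory or from the Expat project; the colon threshold, the name-matching heuristic and the sample documents are all assumptions made here. It scans each markup span, drops quoted attribute values (which may legitimately contain colons, e.g. in URLs), counts colons in the remaining name-like tokens, and only hands the document to Python's bundled expat binding when no name exceeds the limit.

```python
import re
from xml.parsers import expat

# Constructed sample inputs (not taken from the advisory).
BENIGN_XML = (b'<?xml version="1.0"?>'
              b'<r xmlns:a="urn:x"><a:item a:id="1">ok</a:item></r>')
# Constructed document whose element name is an unusually long run of colons.
SUSPECT_XML = b'<r><' + b':' * 500 + b'x/></r>'

_TAG_RE = re.compile(rb'<([^>]*)>')            # contents of each <...> span
_QUOTED_RE = re.compile(rb'"[^"]*"|\'[^\']*\'')  # quoted attribute values
_NAME_RE = re.compile(rb'[A-Za-z_:][\w.:-]*')   # ASCII name-like tokens


def max_colons_in_names(data: bytes) -> int:
    """Return the largest number of colons found in any tag or attribute name.

    Heuristic (assumption): quoted attribute values are removed first so that
    colons inside URLs or timestamps do not count; everything else that looks
    like an XML name is inspected.
    """
    worst = 0
    for tag in _TAG_RE.findall(data):
        stripped = _QUOTED_RE.sub(b'', tag)
        for name in _NAME_RE.findall(stripped):
            worst = max(worst, name.count(b':'))
    return worst


def is_safe_to_parse(data: bytes, max_colons: int = 1) -> bool:
    """Namespace-qualified names carry at most one colon, so 1 is the assumed default limit."""
    return max_colons_in_names(data) <= max_colons


def parse_guarded(data: bytes, max_colons: int = 1) -> list:
    """Parse with expat only if the pre-filter accepts the input.

    Returns the element names seen in document order; raises ValueError when
    the input is rejected so the caller can log and drop it without parsing.
    """
    if not is_safe_to_parse(data, max_colons):
        raise ValueError(
            f"rejected: a name contains {max_colons_in_names(data)} colons "
            f"(limit {max_colons})")
    seen = []
    parser = expat.ParserCreate()
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)
    return seen


if __name__ == "__main__":
    print("benign  ->", parse_guarded(BENIGN_XML))
    try:
        parse_guarded(SUSPECT_XML)
    except ValueError as exc:
        print("suspect ->", exc)
```

The filter is a heuristic, not a replacement for upgrading to Expat 2.2.7 or later: it runs before any parser state is built, so the cost is a linear scan of the bytes, and a rejected document never reaches the vulnerable code path. Tune `max_colons` to whatever your schemas actually need and log rejections so that attempts show up in monitoring.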

Exploit · Fix · DoS · XXE


Weakness Enumeration

Related Identifiers

ALSA-2020:4846
ALT-PU-2020-2053
ALT-PU-2020-3264
ALT-PU-2020-3273
BDU:2019-03327
CESA-2020_3952
CESA-2020_4484
CESA-2020_4846
CVE-2018-20843
DLA-1839-1
DSA-4472-1
MGASA-2019-0274
OPENSUSE-SU-2019:1777-1
OPENSUSE-SU-2019_1777-1
OPENSUSE-SU-2024:10748-1
RHSA-2020:2644
RHSA-2020:3952
RHSA-2020:4484
RHSA-2020:4846
RHSA-2020_3952
RHSA-2020_4484
RHSA-2020_4846
RLSA-2020:4484
SUSE-SU-2019:1834-1
SUSE-SU-2019:1835-1
SUSE-SU-2019_1834-1
SUSE-SU-2019_1835-1
USN-4040-1
USN-4040-2
USN-4852-1
USN-5455-1
USN-7199-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Expat
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu