Vulnerability Details : CVE-2018-20843
Potential exploit
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Vulnerability category: XML external entity (XXE) injectionDenial of service
Products affected by CVE-2018-20843
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:hospitality_res_3700:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-20843
70.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-20843
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2018-20843
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-20843
-
https://www.tenable.com/security/tns-2021-11
[R1] Nessus 8.15.0 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020Patch;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
[SECURITY] Fedora 30 Update: expat-2.2.7-1.fc30 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuapr2020.html
Oracle Critical Patch Update Advisory - April 2020Patch;Third Party Advisory
-
https://seclists.org/bugtraq/2019/Jun/39
Bugtraq: [SECURITY] [DSA 4472-1] expat security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4040-2/
USN-4040-2: Expat vulnerability | Ubuntu security noticesThird Party Advisory
-
https://support.f5.com/csp/article/K51011533
Third Party Advisory
-
https://github.com/libexpat/libexpat/issues/186
[CVE-2018-20843] 88k xml file uses >2G memory · Issue #186 · libexpat/libexpat · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
[SECURITY] [DLA 1839-1] expat security updateMailing List;Third Party Advisory
-
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
xmlparse.c: Fix extraction of namespace prefix from XML name (#186) by hartwork · Pull Request #262 · libexpat/libexpat · GitHubPatch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20190703-0001/
CVE-2018-20843 Expat Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
-
https://usn.ubuntu.com/4040-1/
USN-4040-1: Expat vulnerability | Ubuntu security noticesThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
[SECURITY] Fedora 29 Update: expat-2.2.7-1.fc29 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
[security-announce] openSUSE-SU-2019:1777-1: moderate: Security update fMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuApr2021.html
Oracle Critical Patch Update Advisory - April 2021Patch;Third Party Advisory
-
https://www.debian.org/security/2019/dsa-4472
Debian -- Security Information -- DSA-4472-1 expatThird Party Advisory
-
https://github.com/libexpat/libexpat/pull/262
xmlparse.c: Fix extraction of namespace prefix from XML name (#186) by hartwork · Pull Request #262 · libexpat/libexpat · GitHubExploit;Patch;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpuoct2021.html
Oracle Critical Patch Update Advisory - October 2021Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/201911-08
Expat: Multiple vulnerabilities (GLSA 201911-08) — Gentoo securityThird Party Advisory
-
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
libexpat/Changes at R_2_2_7 · libexpat/libexpat · GitHubRelease Notes;Third Party Advisory
-
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
5226 - libreoffice/mmlfuzzer: Out-of-memory in libreoffice_mmlfuzzer - oss-fuzz - MonorailIssue Tracking;Third Party Advisory
Jump to