Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Related bugs and status

CVE-2018-20843 (Candidate) is related to these bugs:

Bug #1902997: CVE-2018-20843: expat: XML input leads to high RAM and CPU

Summary				In	Importance	Status
	1902997	CVE-2018-20843: expat: XML input leads to high RAM and CPU		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugs.chromium....
MISC: https://github.com/lib...
MISC: https://github.com/lib...
MISC: https://github.com/lib...
MISC: https://github.com/lib...
UBUNTU: USN-4040-1
UBUNTU: USN-4040-2
BUGTRAQ: 20190628 [SECURITY] [D...
DEBIAN: DSA-4472
MLIST: [debian-lts-announce] ...
CONFIRM: https://security.netap...
FEDORA: FEDORA-2019-18868e1715
FEDORA: FEDORA-2019-139fcda84d
CONFIRM: https://support.f5.com...
SUSE: openSUSE-SU-2019:1777
GENTOO: GLSA-201911-08
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
MISC: https://www.oracle.com...
CONFIRM: https://www.tenable.co...
MISC: https://www.oracle.com...