Vulnerabilities > CVE-2016-5300 - Resource Management Errors vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C9C252F52DEF11E6AE88002590263BF5.NASL
    descriptionSebastian Pipping reports : CVE-2012-6702 -- Resolve troublesome internal call to srand that was introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496) CVE-2016-5300 -- Use more entropy for hash initialization than the original fix to CVE-2012-0876.
    last seen2020-06-01
    modified2020-06-02
    plugin id91526
    published2016-06-09
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91526
    titleFreeBSD : expat -- multiple vulnerabilities (c9c252f5-2def-11e6-ae88-002590263bf5)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91526);
      script_version("2.7");
      script_cvs_date("Date: 2018/11/23 12:49:57");
    
      script_cve_id("CVE-2012-6702", "CVE-2016-5300");
    
      script_name(english:"FreeBSD : expat -- multiple vulnerabilities (c9c252f5-2def-11e6-ae88-002590263bf5)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sebastian Pipping reports :
    
    CVE-2012-6702 -- Resolve troublesome internal call to srand that was
    introduced with Expat 2.1.0 when addressing CVE-2012-0876 (issue #496)
    
    CVE-2016-5300 -- Use more entropy for hash initialization than the
    original fix to CVE-2012-0876."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210155"
      );
      # https://sourceforge.net/p/expat/code_git/ci/07cc2fcacf81b32b2e06aa918df51756525240c0/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a9e2354"
      );
      # http://www.openwall.com/lists/oss-security/2016/03/18/3
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.openwall.com/lists/oss-security/2016/03/18/3"
      );
      # https://vuxml.freebsd.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?eccb43af"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:expat");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/03/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"expat<2.1.1_1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3013-1.NASL
    descriptionIt was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300) Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. If a user or application linked against XML-RPC for C and C++ were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2015-1283, CVE-2016-4472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91729
    published2016-06-21
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91729
    titleUbuntu 12.04 LTS : xmlrpc-c vulnerabilities (USN-3013-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-0FD6CA526A.NASL
    descriptionSecurity fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and CVE-2012-6702. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92229
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92229
    titleFedora 22 : expat (2016-0fd6ca526a)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-7C6E7A9265.NASL
    descriptionSecurity fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and CVE-2012-6702. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92117
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92117
    titleFedora 24 : expat (2016-7c6e7a9265)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0415-1.NASL
    descriptionThis update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97065
    published2017-02-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97065
    titleSUSE SLES11 Security Update : expat (SUSE-SU-2017:0415-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0424-1.NASL
    descriptionThis update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id97080
    published2017-02-09
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97080
    titleSUSE SLED12 / SLES12 Security Update : expat (SUSE-SU-2017:0424-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-124-01.NASL
    descriptionNew python packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109583
    published2018-05-07
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109583
    titleSlackware 14.0 / 14.1 / 14.2 / current : python (SSA:2018-124-01)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-260.NASL
    descriptionThis update for expat fixes the following security issues : - CVE-2012-6702: Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, made it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. (bsc#983215) - CVE-2016-5300: The XML parser in Expat did not use sufficient entropy for hash initialization, which allowed context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (bsc#983216) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2017-02-21
    plugin id97280
    published2017-02-21
    reporterThis script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/97280
    titleopenSUSE Security Update : expat (openSUSE-2017-260)
  • NASL familyPeer-To-Peer File Sharing
    NASL idITUNES_12_6_BANNER.NASL
    descriptionThe version of Apple iTunes running on the remote host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information. (CVE-2017-2383) - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463) - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id100026
    published2017-05-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100026
    titleApple iTunes < 12.6 Multiple Vulnerabilities (uncredentialed check)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-508.NASL
    descriptionTwo related issues have been discovered in Expat, a C library for parsing XML. CVE-2012-6702 This issue was introduced when CVE-2012-0876 was addressed. Stefan S&oslash;rensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls. CVE-2016-5300 This is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service (CPU consumption) via an XML file with crafted identifiers. You might need to manually restart programs and services using expat libraries. For Debian 7
    last seen2020-03-17
    modified2016-06-09
    plugin id91523
    published2016-06-09
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91523
    titleDebian DLA-508-1 : expat security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1698.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126540
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126540
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : expat (EulerOS-SA-2019-1698)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9164F51EAE2011E7A633009C02A2AB30.NASL
    descriptionPython reports : Multiple vulnerabilities have been fixed in Python 2.7.14. Please refer to the CVE list for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id103796
    published2017-10-12
    reporterThis script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103796
    titleFreeBSD : Python 2.7 -- multiple vulnerabilities (9164f51e-ae20-11e7-a633-009c02a2ab30)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3597.NASL
    descriptionTwo related issues have been discovered in Expat, a C library for parsing XML. - CVE-2012-6702 It was introduced when CVE-2012-0876 was addressed. Stefan Sorensen discovered that the use of the function XML_Parse() seeds the random number generator generating repeated outputs for rand() calls. - CVE-2016-5300 It is the product of an incomplete solution for CVE-2012-0876. The parser poorly seeds the random number generator allowing an attacker to cause a denial of service (CPU consumption) via an XML file with crafted identifiers. You might need to manually restart programs and services using expat libraries.
    last seen2020-06-01
    modified2020-06-02
    plugin id91506
    published2016-06-08
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91506
    titleDebian DSA-3597-1 : expat - security update
  • NASL familyMisc.
    NASL idPVS_5_2_0.NASL
    descriptionThe version of Tenable Passive Vulnerability Scanner (PVS) installed on the remote host is 5.x < 5.2.0. It is, therefore, affected by multiple vulnerabilities : - Multiple denial of service vulnerabilities exist in Expat within file xmlparse.c due to a logical error in hash computations. An unauthenticated, remote attacker can exploit these, via a specially crafted XML file containing many identifiers with the same value, to cause the service to exhaust CPU resources. (CVE-2012-0876, CVE-2016-5300) - A flaw exists in the generate_hash_secret_salt() function in file lib/xmlparse.c within Expat due to the generation of non-random output by the PRNG. An unauthenticated, remote attacker can exploit this to more easily predict the PRNG output. (CVE-2012-6702) - Multiple buffer overflow conditions exist within Expat, specifically in the XML_GetBuffer() function in file lib/xmlparse.c, due to improper validation of user-supplied input when handling compressed XML content. An unauthenticated, remote attacker can exploit these to execute arbitrary code. (CVE-2015-1283, CVE-2016-4472) - Multiple buffer overflow conditions exist within the Expat XML parser when handling malformed input documents due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these to cause a denial of service condition or the execution of arbitrary code. (CVE-2016-0718, CVE-2016-0719) - Multiple integer overflow conditions exist in s3_srvr.c, ssl_sess.c, and t1_lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An unauthenticated, remote attacker can exploit these to cause a denial of service. (CVE-2016-2177) - An information disclosure vulnerability exists in the dsa_sign_setup() function in dsa_ossl.c due to a failure to properly ensure the use of constant-time operations. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose DSA key information. (CVE-2016-2178) - A denial of service vulnerability exists in the DTLS implementation due to a failure to properly restrict the lifetime of queue entries associated with unused out-of-order messages. An unauthenticated, remote attacker can exploit this, by maintaining multiple crafted DTLS sessions simultaneously, to exhaust memory. (CVE-2016-2179) - An out-of-bounds read error exists in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation. An unauthenticated, remote attacker can exploit this, via a crafted time-stamp file that is mishandled by the
    last seen2020-06-01
    modified2020-06-02
    plugin id96337
    published2017-01-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96337
    titleTenable Passive Vulnerability Scanner 5.x < 5.2.0 Multiple Vulnerabilities (SWEET32)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-60889583AB.NASL
    descriptionSecurity fixes for CVE-2016-4472, CVE-2016-5300, CVE-2016-0718 and CVE-2012-6702. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-14
    plugin id92102
    published2016-07-14
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92102
    titleFedora 23 : expat (2016-60889583ab)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1742.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-07-22
    plugin id126869
    published2019-07-22
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126869
    titleEulerOS 2.0 SP2 : expat (EulerOS-SA-2019-1742)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2016-359-01.NASL
    descriptionNew expat packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id96092
    published2016-12-27
    reporterThis script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96092
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : expat (SSA:2016-359-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3010-1.NASL
    descriptionIt was discovered that Expat unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that Expat incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id91726
    published2016-06-21
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91726
    titleUbuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : expat vulnerabilities (USN-3010-1)
  • NASL familyWindows
    NASL idITUNES_12_6.NASL
    descriptionThe version of Apple iTunes installed on the remote Windows host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) - An information disclosure vulnerability exists in the APNs server component due to client certificates being transmitted in cleartext. A man-in-the-middle attacker can exploit this to disclose sensitive information. (CVE-2017-2383) - A use-after-free error exists in the WebKit component due to improper handling of RenderBox objects. An unauthenticated, remote attacker can exploit this to execute arbitrary code. (CVE-2017-2463) - Multiple universal cross-site scripting (XSS) vulnerabilities exist in the WebKit component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to visit a specially crafted web page, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id100025
    published2017-05-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100025
    titleApple iTunes < 12.6 Multiple Vulnerabilities (credentialed check)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-21.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-21 (Expat: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted XML file, could execute arbitrary code with the privileges of the process or cause a Denial of Service condition. This attack could also be used against automated systems that arbitrarily process XML files. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96415
    published2017-01-12
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96415
    titleGLSA-201701-21 : Expat: Multiple vulnerabilities
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL70938105.NASL
    descriptionThe XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. (CVE-2016-5300) Impact An attacker may be able to cause a denial-of-service (DoS) attack by way ofcrafted identifiers in an XML document.
    last seen2020-03-17
    modified2016-10-27
    plugin id94301
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94301
    titleF5 Networks BIG-IP : Expat XML library vulnerability (K70938105)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2063.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).(CVE-2018-20843) - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129256
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129256
    titleEulerOS 2.0 SP3 : expat (EulerOS-SA-2019-2063)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_ITUNES_12_6.NASL
    descriptionThe version of Apple iTunes installed on the remote macOS or Mac OS X host is prior to 12.6. It is, therefore, affected by multiple vulnerabilities : - Multiple vulnerabilities exist in the expat component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300) - Multiple vulnerabilities exist in the SQLite component, the most severe of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing a user to open a specially crafted file, to cause a denial of service condition or the execution of arbitrary code in the context of the current user. (CVE-2013-7443, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-6153) Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id100027
    published2017-05-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/100027
    titleApple iTunes < 12.6 Multiple Vulnerabilities (macOS) (credentialed check)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1666.NASL
    descriptionAccording to the versions of the expat packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ( Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.(CVE-2015-1283) - The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.(CVE-2016-4472) - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.(CVE-2016-5300) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-06-27
    plugin id126293
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126293
    titleEulerOS 2.0 SP5 : expat (EulerOS-SA-2019-1666)

References