Unrated severity · NVD Advisory · Published Jun 24, 2019 · Updated May 30, 2025
CVE-2018-20843
Description
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Affected products
- expat/expat (description)
- osv-coords (11 versions):
  - pkg:rpm/almalinux/mingw32-expat
  - pkg:rpm/almalinux/mingw64-expat
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.0
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
- (no CPE) range: < 2.2.4-5.el8
- (no CPE) range: < 2.2.4-5.el8
- (no CPE) range: < 2.2.5-lp151.3.3.1
- (no CPE) range: < 2.2.5-lp151.3.3.1
- (no CPE) range: < 2.4.1-1.2
- (no CPE) range: < 2.1.0-21.6.1
- (no CPE) range: < 2.2.5-3.3.1
- (no CPE) range: < 2.2.5-3.3.1
- (no CPE) range: < 2.1.0-21.6.1
- (no CPE) range: < 2.1.0-21.6.1
- (no CPE) range: < 2.1.0-21.6.1
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/201911-08 (mitre, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/4040-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- usn.ubuntu.com/4040-2/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2019/dsa-4472 (mitre, vendor-advisory, x_refsource_DEBIAN)
- bugs.chromium.org/p/oss-fuzz/issues/detail (mitre, x_refsource_MISC)
- github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes (mitre, x_refsource_MISC)
- github.com/libexpat/libexpat/issues/186 (mitre, x_refsource_MISC)
- github.com/libexpat/libexpat/pull/262 (mitre, x_refsource_MISC)
- github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2019/06/msg00028.html (mitre, mailing-list, x_refsource_MLIST)
- seclists.org/bugtraq/2019/Jun/39 (mitre, mailing-list, x_refsource_BUGTRAQ)
- security.netapp.com/advisory/ntap-20190703-0001/ (mitre, x_refsource_CONFIRM)
- support.f5.com/csp/article/K51011533 (mitre, x_refsource_CONFIRM)
- www.oracle.com/security-alerts/cpuApr2021.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuapr2020.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuoct2020.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuoct2021.html (mitre, x_refsource_MISC)
- www.tenable.com/security/tns-2021-11 (mitre, x_refsource_CONFIRM)