High severity7.5NVD Advisory· Published Jun 24, 2019· Updated Jun 17, 2026
CVE-2018-20843
CVE-2018-20843
Description
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- expat/expatdescription
- Range: <2.2.7
- Range: <2.2.7
- osv-coords11 versionspkg:rpm/almalinux/mingw32-expatpkg:rpm/almalinux/mingw64-expatpkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweedpkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
< 2.2.4-5.el8+ 10 more
- (no CPE)range: < 2.2.4-5.el8
- (no CPE)range: < 2.2.4-5.el8
- (no CPE)range: < 2.2.5-lp151.3.3.1
- (no CPE)range: < 2.2.5-lp151.3.3.1
- (no CPE)range: < 2.4.1-1.2
- (no CPE)range: < 2.1.0-21.6.1
- (no CPE)range: < 2.2.5-3.3.1
- (no CPE)range: < 2.2.5-3.3.1
- (no CPE)range: < 2.1.0-21.6.1
- (no CPE)range: < 2.1.0-21.6.1
- (no CPE)range: < 2.1.0-21.6.1
Patches
Vulnerability mechanics
References
21- github.com/libexpat/libexpat/issues/186nvdIssue TrackingPatchThird Party Advisory
- github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6nvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpuApr2021.htmlnvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpuapr2020.htmlnvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpuoct2020.htmlnvdPatchThird Party Advisory
- www.oracle.com/security-alerts/cpuoct2021.htmlnvdPatchThird Party Advisory
- github.com/libexpat/libexpat/pull/262nvdExploitPatchThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.htmlnvdMailing ListThird Party Advisory
- bugs.chromium.org/p/oss-fuzz/issues/detailnvdIssue TrackingThird Party Advisory
- github.com/libexpat/libexpat/blob/R_2_2_7/expat/ChangesnvdRelease NotesThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/06/msg00028.htmlnvdMailing ListThird Party Advisory
- seclists.org/bugtraq/2019/Jun/39nvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201911-08nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20190703-0001/nvdThird Party Advisory
- support.f5.com/csp/article/K51011533nvdThird Party Advisory
- usn.ubuntu.com/4040-1/nvdThird Party Advisory
- usn.ubuntu.com/4040-2/nvdThird Party Advisory
- www.debian.org/security/2019/dsa-4472nvdThird Party Advisory
- www.tenable.com/security/tns-2021-11nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/nvd
News mentions
0No linked articles in our index yet.