CVE-2017-9233

Published: 25/07/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

XML External Entity vulnerability in libexpat 2.2.0 and previous versions (Expat XML Parser Library) allows malicious users to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Vulnerable Product

libexpat project libexpat

python python

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Expat could be made to hang if it received specially crafted input ...
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063: Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an ...
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD ...
An external entity infinite loop issue has been found in Expat < 2.2.1, leading to a denial of service ...