Bug 1723723 (CVE-2018-20843)
| Summary: | CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | apmukher, asoldano, bbaranow, bmaxwell, brian.stansberry, caillon, cdewolf, chazlett, cschalle, csutherl, darran.lofthouse, dosoudil, erik-fedora, gecko-bugs-nobody, gzaronik, iweiss, jawilson, jclere, jdoyle, jheger, jhorak, jorton, jperkins, jwon, krathod, kwills, lgao, markdenihan, mbabacek, mizdebsk, msochure, msuchy, msvehla, mturk, myarboro, nwallace, pjindal, pmackay, pslavice, psotirop, rguimara, rh-spice-bugs, rjones, rsvoboda, smaestri, stransky, tom.jenkinson, twalsh, weli |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | expat 2.2.7 | Doc Type: | If docs needed, set a value |
| Doc Text: |
It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-06-22 17:20:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1723724, 1723725, 1723726, 1773897, 1773898, 1773899 | ||
| Bug Blocks: | 1723729 | ||
|
Description
Marian Rehak
2019-06-25 08:58:03 UTC
Created expat tracking bugs for this issue: Affects: fedora-all [bug 1723724] Created mingw-expat tracking bugs for this issue: Affects: epel-7 [bug 1723726] Affects: fedora-all [bug 1723725] This vulnerability is out of security support scope for the following products: * Red Hat Enterprise Application Platform 6 * Red Hat JBoss Enterprise Web Server 2 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details. Statement: When processing a specially crafted XML file, expat may use more memory than ultimately necessary, which can also lead to increased CPU usage and longer processing times. Depending on available system resources and configuration, this may also lead to the application triggering the Out-Of-Memory-Killer, causing the application to be terminated. Is there any plan to provide a patch for expat in RHEL7 and RHEL8 for this moderate severity issue? If so is there an ETA for those patches? This issue has been addressed in the following products: JBoss Core Services on RHEL 6 JBoss Core Services on RHEL 7 Via RHSA-2020:2644 https://access.redhat.com/errata/RHSA-2020:2644 This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2020:2646 https://access.redhat.com/errata/RHSA-2020:2646 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-20843 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3952 https://access.redhat.com/errata/RHSA-2020:3952 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4484 https://access.redhat.com/errata/RHSA-2020:4484 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4846 https://access.redhat.com/errata/RHSA-2020:4846 |