Bug 1723723 (CVE-2018-20843) - CVE-2018-20843 expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
Summary: CVE-2018-20843 expat: large number of colons in input makes parser consume hi...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-20843
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1773897 1773898 1773899 1723724 1723725 1723726
Blocks: 1723729
TreeView+ depends on / blocked
 
Reported: 2019-06-25 08:58 UTC by Marian Rehak
Modified: 2020-06-22 17:20 UTC (History)
49 users (show)

Fixed In Version: expat 2.2.7
Doc Type: If docs needed, set a value
Doc Text:
It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service.
Clone Of:
Environment:
Last Closed: 2020-06-22 17:20:25 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:2644 None None None 2020-06-22 12:26:32 UTC
Red Hat Product Errata RHSA-2020:2646 None None None 2020-06-22 13:08:41 UTC

Description Marian Rehak 2019-06-25 08:58:03 UTC
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

External References:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031

Upstream Issue:

https://github.com/libexpat/libexpat/issues/186

Comment 1 Marian Rehak 2019-06-25 08:58:28 UTC
Created expat tracking bugs for this issue:

Affects: fedora-all [bug 1723724]


Created mingw-expat tracking bugs for this issue:

Affects: epel-7 [bug 1723726]
Affects: fedora-all [bug 1723725]

Comment 2 Joshua Padman 2019-07-24 10:24:58 UTC
This vulnerability is out of security support scope for the following products:
 * Red Hat Enterprise Application Platform 6
 * Red Hat JBoss Enterprise Web Server 2
Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 5 Stefan Cornelius 2019-11-19 09:38:57 UTC
Statement:

When processing a specially crafted XML file, expat may use more memory than ultimately necessary, which can also lead to increased CPU usage and longer processing times. Depending on available system resources and configuration, this may also lead to the application triggering the Out-Of-Memory-Killer, causing the application to be terminated.

Comment 7 Mark Denihan 2020-01-27 14:59:42 UTC
Is there any plan to provide a patch for expat in RHEL7 and RHEL8 for this moderate severity issue? If so is there an ETA for those patches?

Comment 16 errata-xmlrpc 2020-06-22 12:26:22 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6
  JBoss Core Services on RHEL 7

Via RHSA-2020:2644 https://access.redhat.com/errata/RHSA-2020:2644

Comment 17 errata-xmlrpc 2020-06-22 13:08:37 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2020:2646 https://access.redhat.com/errata/RHSA-2020:2646

Comment 18 Product Security DevOps Team 2020-06-22 17:20:25 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-20843


Note You need to log in before you can comment on or make changes to this bug.