CVE-2018-20843: expat: XML input leads to high RAM and CPU
Bug #1902997 reported by Ghada Khalil
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | High | Michel Thebeau [WIND] | |
Bug Description
CVE-2018-20843: expat: XML input leads to high RAM and CPU
CVSSv2: 7.8 (AV:N/AC:
Description:
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
References:
https:/
https:/
https:/
Required package version:
expat-2.1.0-12.el7
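A way to check a host's installed expat build against the required version above, as an added example that is not part of the original bug report. It assumes the installed string comes from `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' expat` (no architecture suffix) and uses a simplified RPM version comparison that ignores epochs and the `~`/`^` markers; the sample builds are constructed.

```python
import re
from itertools import zip_longest

# Minimum fixed build quoted in the bug report above.
REQUIRED = "expat-2.1.0-12.el7"

def split_nvr(nvr):
    """Split 'name-version-release' from the right; names may contain '-'."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release

def _segments(s):
    # rpm compares maximal runs of digits or letters; other characters only separate.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1. Simplified: no epoch, no '~' or '^' handling."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:
            return -1            # b has extra segments, so b is newer
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # drops leading zeros
        if x != y:
            return 1 if x > y else -1
    return 0

def meets_required(installed, required=REQUIRED):
    """True if the installed build is at or above the required one."""
    name, ver, rel = split_nvr(installed)
    rname, rver, rrel = split_nvr(required)
    if name != rname:
        raise ValueError(f"package mismatch: {name} != {rname}")
    return (rpmvercmp(ver, rver) or rpmvercmp(rel, rrel)) >= 0

if __name__ == "__main__":
    # Constructed sample NVRs, not taken from the bug report.
    for nvr in ("expat-2.1.0-10.el7_3", "expat-2.1.0-12.el7", "expat-2.1.0-14.el7_9"):
        print(nvr, "OK" if meets_required(nvr) else "NEEDS UPDATE")
```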
Applicable to stx master (aka stx.5.0) as well as stx.4.0.
The process is to address the CVE in stx master first and then cherrypick to the appropriate release branches after some soak time.