CVE-2018-20843: expat: XML input leads to high RAM and CPU

Bug #1902997 reported by Ghada Khalil
Affects    Status        Importance  Assigned to            Milestone
StarlingX  Fix Released  High        Michel Thebeau [WIND]

Bug Description

CVE-2018-20843: expat: XML input leads to high RAM and CPU
CVSSv2: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Description:
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20843
https://access.redhat.com/errata/RHSA-2020:3952
https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012694.html

Required package version:
expat-2.1.0-12.el7
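The fix on CentOS 7 is a backport: the package release moves to 12.el7, but the library still identifies itself as expat 2.1.0, so a scanner that only looks at the libexpat version string (or at the "before 2.2.7" wording of the CVE) will keep flagging a patched host. The check a practitioner wants is a comparison of the installed package's EVR against the required one. The script below is an added example, not part of this bug report or of StarlingX's tooling; it ports rpm's version ordering to Python and takes the output of `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' expat` as a string, with constructed samples at the bottom so it runs on a host without rpm.

```python
"""Check whether an installed expat RPM carries the CentOS 7 backport
for CVE-2018-20843 (expat-2.1.0-12.el7, from RHSA-2020:3952).

Added example, not StarlingX project code.  It expects the string
produced by
    rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' expat
to be passed in; the samples at the bottom are constructed, so the
script runs on a host without rpm installed.
"""
import re

# Package release that closes the bug on CentOS 7 (from the report).
REQUIRED_EVR = "2.1.0-12.el7"

# Upstream release that carries the fix, per the CVE description.
UPSTREAM_FIXED = (2, 2, 7)

# rpm compares versions segment by segment: runs of digits, runs of
# letters, and the tilde; every other character is a separator.
_SEG = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Python port of rpm's rpmvercmp(): -1, 0 or 1 like strcmp.

    Digit segments compare numerically, letter segments lexically, a
    numeric segment beats an alphabetic one, and a tilde sorts before
    anything, including the end of the string (2.1.0~rc1 < 2.1.0).
    """
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    i = 0
    while i < len(sa) or i < len(sb):
        x = sa[i] if i < len(sa) else ""
        y = sb[i] if i < len(sb) else ""
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if not x or not y:
            break
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            # numeric: drop leading zeros, longer string is larger
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
        i += 1
    if i >= len(sa) and i >= len(sb):
        return 0
    # whichever side still has segments left is the newer one
    return -1 if i >= len(sa) else 1


def parse_evr(evr: str):
    """Split 'epoch:version-release' into (int, str, str).

    rpm prints '(none)' for a missing epoch, which counts as 0."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = 0 if e == "(none)" else int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVR strings the way rpm orders packages."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    rc = rpmvercmp(va, vb)
    return rc if rc else rpmvercmp(ra, rb)


def expat_rpm_is_fixed(installed_evr: str) -> bool:
    """True when the installed package is at or past 2.1.0-12.el7."""
    return evr_cmp(installed_evr, REQUIRED_EVR) >= 0


def libexpat_reports_fixed(version_info) -> bool:
    """Upstream-style check, e.g. on pyexpat.version_info.

    Caveat: the el7 backport leaves the library version at 2.1.0, so
    this returns False on a patched CentOS 7 host.  Use the RPM release
    (expat_rpm_is_fixed) there, not the version string."""
    return tuple(version_info) >= UPSTREAM_FIXED


if __name__ == "__main__":
    # Constructed samples of `rpm -q --qf ...` output, not real hosts.
    for evr in ("(none):2.1.0-11.el7", "(none):2.1.0-12.el7",
                "(none):2.1.0-12.el7_9"):
        print(evr, "fixed" if expat_rpm_is_fixed(evr) else "VULNERABLE")
    import pyexpat  # wraps whichever libexpat this interpreter links
    print("libexpat", pyexpat.EXPAT_VERSION,
          "upstream-fixed" if libexpat_reports_fixed(pyexpat.version_info)
          else "older than 2.2.7 (check the RPM release instead)")
```

The comparison is split into epoch, version and release on purpose: a release bump such as 12.el7 to 12.el7_9 (a later erratum on the same base version) still counts as fixed, while 2.1.0-11.el7 does not, which is exactly the distinction a version-string check cannot make.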

Revision history for this message
Ghada Khalil (gkhalil) wrote :

Applicable to stx master (aka stx.5.0) as well as stx.4.0.
The process is to address the CVE in stx master first and then cherry-pick to the appropriate release branches after some soak time.

Changed in starlingx:
importance: Undecided → Medium
status: New → Triaged
importance: Medium → High
tags: added: stx.4.0 stx.5.0 stx.security
Changed in starlingx:
assignee: nobody → Michel Thebeau [WIND] (mthebeau)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/761682

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/761683

OpenStack Infra (hudson-openstack) wrote : Change abandoned on tools (master)

Change abandoned by Michel Thebeau (WIND) (<email address hidden>) on branch: master
Review: https://review.opendev.org/761683

OpenStack Infra (hudson-openstack) wrote :

Change abandoned by Michel Thebeau (WIND) (<email address hidden>) on branch: master
Review: https://review.opendev.org/761682

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/761690

Michel Thebeau [WIND] (mthebeau) wrote :

Reviewed: https://review.opendev.org/c/starlingx/tools/+/761690/
Committed: https://opendev.org/starlingx/tools/commit/b2101224ec2f99ce8101fd0fabcb24d78e63b9db
Submitter: Zuul
Branch: master

commit b2101224ec2f99ce8101fd0fabcb24d78e63b9db
Author: Michel Thebeau <email address hidden>
Date: Mon Nov 16 16:31:00 2020 -0500

    expat: CVE-2018-20843: XML input leads to high RAM

    Crafted XML input leads to high RAM and CPU.

    Fix is provided by Centos RPMs:
    expat-2.1.0-12.el7.x86_64.rpm
    expat-devel-2.1.0-12.el7.x86_64.rpm

    Test:
    Build. Deploy AIO-SX. Run reproducer.

    Closes-Bug: 1902997
    Change-Id: Ia56722d7c0c71e22139f2b1b8c4d5174b04414fc
    Signed-off-by: Michel Thebeau <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Michel Thebeau [WIND] (mthebeau) wrote :

Fix proposed to branch: r/stx.4.0
Review: https://review.opendev.org/c/starlingx/tools/+/764497

Michel Thebeau [WIND] (mthebeau) wrote :

Reviewed: https://review.opendev.org/c/starlingx/tools/+/764497
Committed: https://review.opendev.org/plugins/gitiles/starlingx/tools/+/cfe9e78c0b40c582c115bbea2b245ccdb84e5e07
Submitter: Zuul
Branch: r/stx.4.0

commit cfe9e78c0b40c582c115bbea2b245ccdb84e5e07 (starlingx/r/stx.4.0, m/r/stx.4.0)
Author: Michel Thebeau <email address hidden>
Date: Mon Nov 16 16:31:00 2020 -0500

    expat: CVE-2018-20843: XML input leads to high RAM

    Crafted XML input leads to high RAM and CPU.

    Fix is provided by Centos RPMs:
    expat-2.1.0-12.el7.x86_64.rpm
    expat-devel-2.1.0-12.el7.x86_64.rpm

    Test:
    Build. Deploy AIO-SX. Run reproducer.

    Closes-Bug: 1902997
    Change-Id: Ia56722d7c0c71e22139f2b1b8c4d5174b04414fc
    Signed-off-by: Michel Thebeau <email address hidden>
