7.5

CVE-2017-9233

Exploit

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Data is provided by the National Vulnerability Database (NVD)
Libexpat ProjectLibexpat Version <= 2.2.0
PythonPython Version >= 2.7.0 < 2.7.15
PythonPython Version >= 3.3.0 < 3.3.7
PythonPython Version >= 3.4.0 < 3.4.7
PythonPython Version >= 3.5.0 < 3.5.4
PythonPython Version >= 3.6.0 < 3.6.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.377
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

http://www.securitytracker.com/id/1039427
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/99276
Third Party Advisory
VDB Entry
https://libexpat.github.io/doc/cve-2017-9233/
Vendor Advisory
Exploit
Technical Description