7.5

CVE-2017-9233

Exploit
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libexpat ProjectLibexpat Version <= 2.2.0
PythonPython Version >= 2.7.0 < 2.7.15
PythonPython Version >= 3.3.0 < 3.3.7
PythonPython Version >= 3.4.0 < 3.4.7
PythonPython Version >= 3.5.0 < 3.5.4
PythonPython Version >= 3.6.0 < 3.6.2
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.74% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
http://www.securitytracker.com/id/1039427
Third Party Advisory
VDB Entry
https://support.apple.com/HT208112
Third Party Advisory
https://support.apple.com/HT208113
Third Party Advisory
https://support.apple.com/HT208115
Third Party Advisory
https://support.apple.com/HT208144
Third Party Advisory
http://www.debian.org/security/2017/dsa-3898
Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/06/17/7
VDB Entry
Mailing List
http://www.securityfocus.com/bid/99276
Third Party Advisory
VDB Entry
https://github.com/libexpat/libexpat/blob/master/expat/Changes
Third Party Advisory
Release Notes
https://libexpat.github.io/doc/cve-2017-9233/
Vendor Advisory
Exploit
Technical Description
https://support.f5.com/csp/article/K03244804
Third Party Advisory