Home

CVE-2017-9233

Description

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.252

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.15Windows
Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.23Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 18.0.0.1Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.1Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.5 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13Mac
XML parsing C library (USN-3356-1) libexpat1_2.1.0-4ubuntu1.4_i386.debLinux
XML parsing C library (USN-3356-1) libexpat1_2.1.0-4ubuntu1.4_amd64.debLinux
XML parsing C library (USN-3356-1) libexpat1_2.2.0-1ubuntu0.1_i386.debLinux
XML parsing C library (USN-3356-1) libexpat1_2.2.0-1ubuntu0.1_amd64.debLinux
XML parsing C library (USN-3356-1) libexpat1_2.2.0-2ubuntu0.1_i386.debLinux
XML parsing C library (USN-3356-1) libexpat1_2.2.0-2ubuntu0.1_amd64.debLinux
XML parsing C library (USN-3356-1) libexpat1_2.1.0-7ubuntu0.16.04.3_i386.debLinux
XML parsing C library (USN-3356-1) libexpat1_2.1.0-7ubuntu0.16.04.3_amd64.debLinux
XML parsing C library (USN-3356-1) lib64expat1_2.1.0-4ubuntu1.4_i386.debLinux
XML parsing C library (USN-3356-1) lib64expat1_2.2.0-1ubuntu0.1_i386.debLinux
XML parsing C library (USN-3356-1) lib64expat1_2.2.0-2ubuntu0.1_i386.debLinux
XML parsing C library (USN-3356-1) lib64expat1_2.1.0-7ubuntu0.16.04.3_i386.debLinux
expat security update(DSA-3898-1) expat_2.1.0-6+deb8u4_kfreebsd-i386.debLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) expat-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) expat-debuginfo-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) expat-debuginfo-32bit-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) expat-debugsource-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) libexpat1-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) libexpat1-32bit-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) libexpat1-debuginfo-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2299-1(SUSE Linux Enterprise Desktop 12-SP2 ) libexpat1-debuginfo-32bit-2.1.0-21.3.1.x86_64.rpmLinux
SUSE-SU-2017:2375-1(SUSE Linux Enterprise Server 11-SP4 ) expat-2.0.1-88.42.3.2.x86_64.rpmLinux
SUSE-SU-2017:2375-1(SUSE Linux Enterprise Server 11-SP4 ) libexpat1-2.0.1-88.42.3.2.x86_64.rpmLinux
SUSE-SU-2017:2375-1(SUSE Linux Enterprise Server 11-SP4 ) libexpat1-32bit-2.0.1-88.42.3.2.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpython3_4m1_0-3.4.10-25.39.2.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpython3_4m1_0-debuginfo-3.4.10-25.39.2.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-3.4.10-25.39.3.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-3.4.10-25.39.2.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-debuginfo-3.4.10-25.39.2.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-debugsource-3.4.10-25.39.2.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-curses-3.4.10-25.39.3.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-curses-debuginfo-3.4.10-25.39.3.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-debuginfo-3.4.10-25.39.3.x86_64.rpmLinux
SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-debugsource-3.4.10-25.39.3.x86_64.rpmLinux
Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-9233)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312Security Update 2017-001 macOS High Sierra v10.13.1
PATCH-601345Security Update 2017-001 macOS High Sierra v10.13

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234