CVE-2018-20843

Description

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 5.686

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2018-20843, CVE-2019-15903, CVE-2019-16168, CVE-2021-20099, CVE-2021-20100 are fixed in Nessus 8.15.0 | Windows
Vulnerabilities CVE-2018-20843, CVE-2019-15903, CVE-2019-16168, CVE-2021-20099, CVE-2021-20100 are fixed in Tenable Nessus 8.15.0 | Windows
Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.3.0 | Windows
Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows
Vulnerabilities CVE-2018-20843 are affected in Expat XML Parser 2.2.6 | Windows
(RHSA-2020:4484) expat security update expat-2.2.5-4.el8.i686.rpm | Linux
(RHSA-2020:4484) expat security update expat-2.2.5-4.el8.x86_64.rpm | Linux
(RHSA-2020:4484) expat security update expat-debugsource-2.2.5-4.el8.i686.rpm | Linux
(RHSA-2020:4484) expat security update expat-debugsource-2.2.5-4.el8.x86_64.rpm | Linux
(RHSA-2020:4484) expat security update expat-devel-2.2.5-4.el8.i686.rpm | Linux
(RHSA-2020:4484) expat security update expat-devel-2.2.5-4.el8.x86_64.rpm | Linux
XML Parser Toolkit, runtime libraries (USN-7199-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux
library for rendering vector based animations and art (USN-7198-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux
Improper Restriction of XML External Entity Reference Vulnerability (CVE-2018-20843) | NCM

Patch Details

Patch ID | Patch Description
PATCH-351818 | Expat XML Parser (2.7.3)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234