Executive Summary

Information
Name: CVE-2019-15903
First vendor Publication: 2019-09-04
Vendor: Cve
Last vendor Modification: 2019-09-12

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score: 5
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903

CWE : Common Weakness Enumeration

%       id        Name
100 %   CWE-611   Information Leak Through XML External Entity File Disclosure

CPE : Common Platform Enumeration

Type          Description   Count
Application                 18

Snort® IPS/IDS

Date          Description
2019-12-17    libexpat internal entity heap over-read attempt
              RuleID : 52254 - Revision : 1 - Type : FILE-OTHER
2019-12-17    libexpat internal entity heap over-read attempt
              RuleID : 52253 - Revision : 1 - Type : FILE-OTHER

Sources (Detail)

Source Url
BUGTRAQ https://seclists.org/bugtraq/2019/Sep/30
https://seclists.org/bugtraq/2019/Sep/37
CONFIRM https://github.com/libexpat/libexpat/issues/342
https://security.netapp.com/advisory/ntap-20190926-0004/
DEBIAN https://www.debian.org/security/2019/dsa-4530
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapr...
MISC http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat...
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d18...
https://github.com/libexpat/libexpat/issues/317
https://github.com/libexpat/libexpat/pull/318
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
UBUNTU https://usn.ubuntu.com/4132-1/
https://usn.ubuntu.com/4132-2/

Alert History

Date / Information
2019-10-02 12:01:37
  • Multiple Updates
2019-10-01 01:09:48
  • Multiple Updates
2019-09-27 12:11:30
  • Multiple Updates
2019-09-25 12:11:08
  • Multiple Updates
2019-09-25 01:10:51
  • Multiple Updates
2019-09-23 12:01:22
  • Multiple Updates
2019-09-21 12:05:04
  • Multiple Updates
2019-09-18 21:19:40
  • Multiple Updates
2019-09-18 00:19:29
  • Multiple Updates
2019-09-17 13:19:38
  • Multiple Updates
2019-09-16 00:19:21
  • Multiple Updates
2019-09-13 05:19:17
  • Multiple Updates
2019-09-06 00:19:30
  • Multiple Updates
2019-09-04 17:19:22
  • Multiple Updates
2019-09-04 12:05:33
  • First insertion