CVE-2019-15903 - Vulnerability Details

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libexpat Project	Libexpat
Python	Python
Redhat	Enterprise Linux Jboss Core Services Openshift Do

Configuration 1 [-]

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::

Package	CPE	Advisory	Released Date
JBoss Core Services on RHEL 6
jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6	cpe:/a:redhat:jboss_core_services:1::el6	RHSA-2020:2644	2020-06-22T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2020:2644	2020-06-22T00:00:00Z
Red Hat Enterprise Linux 6
thunderbird-0:68.2.0-2.el6_10	cpe:/o:redhat:enterprise_linux:6	RHSA-2019:3756	2019-11-06T00:00:00Z
Red Hat Enterprise Linux 7
firefox-0:68.2.0-1.el7_7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:3193	2019-10-24T00:00:00Z
thunderbird-0:68.2.0-1.el7_7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:3210	2019-10-29T00:00:00Z
expat-0:2.1.0-12.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2020:3952	2020-09-29T00:00:00Z
Red Hat Enterprise Linux 8
firefox-0:68.2.0-2.el8_0	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3196	2019-10-24T00:00:00Z
thunderbird-0:68.2.0-1.el8_0	cpe:/a:redhat:enterprise_linux:8	RHSA-2019:3237	2019-10-29T00:00:00Z
expat-0:2.2.5-4.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2020:4484	2020-11-04T00:00:00Z
Red Hat OpenShift Do
openshiftdo/odo-init-image-rhel7:1.1.3-2	cpe:/a:redhat:openshift_do:1.0::el7	RHSA-2021:0949	2021-03-22T00:00:00Z
Text-Only JBCS
expat	cpe:/a:redhat:jboss_core_services:1	RHSA-2020:2646	2020-06-22T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
http://seclists.org/fulldisclosure/2019/Dec/23
http://seclists.org/fulldisclosure/2019/Dec/26
http://seclists.org/fulldisclosure/2019/Dec/27
http://seclists.org/fulldisclosure/2019/Dec/30
https://access.redhat.com/errata/RHSA-2019:3210
https://access.redhat.com/errata/RHSA-2019:3237
https://access.redhat.com/errata/RHSA-2019:3756
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
https://github.com/libexpat/libexpat/issues/317
https://github.com/libexpat/libexpat/issues/342
https://github.com/libexpat/libexpat/pull/318
https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/
https://nvd.nist.gov/vuln/detail/CVE-2019-15903
https://seclists.org/bugtraq/2019/Dec/17
https://seclists.org/bugtraq/2019/Dec/21
https://seclists.org/bugtraq/2019/Dec/23
https://seclists.org/bugtraq/2019/Nov/1
https://seclists.org/bugtraq/2019/Nov/24
https://seclists.org/bugtraq/2019/Oct/29
https://seclists.org/bugtraq/2019/Sep/30
https://seclists.org/bugtraq/2019/Sep/37
https://security.gentoo.org/glsa/201911-08
https://security.netapp.com/advisory/ntap-20190926-0004/
https://support.apple.com/kb/HT210785
https://support.apple.com/kb/HT210788
https://support.apple.com/kb/HT210789
https://support.apple.com/kb/HT210790
https://support.apple.com/kb/HT210793
https://support.apple.com/kb/HT210794
https://support.apple.com/kb/HT210795
https://usn.ubuntu.com/4132-1/
https://usn.ubuntu.com/4132-2/
https://usn.ubuntu.com/4165-1/
https://usn.ubuntu.com/4202-1/
https://usn.ubuntu.com/4335-1/
https://www.cve.org/CVERecord?id=CVE-2019-15903
https://www.debian.org/security/2019/dsa-4530
https://www.debian.org/security/2019/dsa-4549
https://www.debian.org/security/2019/dsa-4571
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.tenable.com/security/tns-2021-11

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-04T05:59:16

Updated: 2024-08-05T01:03:32.547Z

Reserved: 2019-09-04T00:00:00

Link: CVE-2019-15903

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-04T06:15:10.877

Modified: 2024-11-21T04:29:42.210

Link: CVE-2019-15903

Redhat

Severity : Low

Publid Date: 2019-09-04T00:00:00Z

Links: CVE-2019-15903 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-15T22:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-4132-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4132-1/"}, {"name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"name": "USN-4132-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4132-2/"}, {"name": "FEDORA-2019-613edfe68b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"name": "DSA-4530", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"name": "FEDORA-2019-9505c6b555", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"name": "openSUSE-SU-2019:2205", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"name": "openSUSE-SU-2019:2204", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"name": "FEDORA-2019-672ae0f060", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"name": "20191021 [slackware-security] python (SSA:2019-293-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"name": "USN-4165-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4165-1/"}, {"name": "DSA-4549", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"name": "RHSA-2019:3210", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"name": "RHSA-2019:3237", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"name": "openSUSE-SU-2019:2420", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"name": "openSUSE-SU-2019:2424", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"name": "openSUSE-SU-2019:2425", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"name": "RHSA-2019:3756", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"name": "openSUSE-SU-2019:2447", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"name": "openSUSE-SU-2019:2451", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"name": "openSUSE-SU-2019:2452", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"name": "openSUSE-SU-2019:2459", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"name": "openSUSE-SU-2019:2464", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"name": "DSA-4571", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"name": "GLSA-201911-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"name": "USN-4202-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4202-1/"}, {"name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"name": "openSUSE-SU-2020:0010", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210788"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210790"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210785"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210789"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210793"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210795"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210794"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-11"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15903", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-4132-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4132-1/"}, {"name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"name": "USN-4132-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4132-2/"}, {"name": "FEDORA-2019-613edfe68b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"name": "DSA-4530", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4530"}, {"name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"name": "FEDORA-2019-9505c6b555", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"name": "openSUSE-SU-2019:2205", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"name": "openSUSE-SU-2019:2204", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"name": "FEDORA-2019-672ae0f060", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"name": "20191021 [slackware-security] python (SSA:2019-293-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"name": "USN-4165-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4165-1/"}, {"name": "DSA-4549", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4549"}, {"name": "RHSA-2019:3210", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"name": "RHSA-2019:3237", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"name": "openSUSE-SU-2019:2420", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"name": "openSUSE-SU-2019:2424", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"name": "openSUSE-SU-2019:2425", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"name": "RHSA-2019:3756", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"name": "openSUSE-SU-2019:2447", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"name": "openSUSE-SU-2019:2451", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"name": "openSUSE-SU-2019:2452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"name": "openSUSE-SU-2019:2459", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"name": "openSUSE-SU-2019:2464", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"name": "DSA-4571", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4571"}, {"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"name": "GLSA-201911-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201911-08"}, {"name": "USN-4202-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4202-1/"}, {"name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"name": "openSUSE-SU-2020:0010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"name": "openSUSE-SU-2020:0086", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://github.com/libexpat/libexpat/issues/317", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/issues/317"}, {"name": "https://github.com/libexpat/libexpat/pull/318", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/pull/318"}, {"name": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"name": "https://github.com/libexpat/libexpat/issues/342", "refsource": "CONFIRM", "url": "https://github.com/libexpat/libexpat/issues/342"}, {"name": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190926-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"name": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"name": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210788"}, {"name": "https://support.apple.com/kb/HT210790", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210790"}, {"name": "https://support.apple.com/kb/HT210785", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210785"}, {"name": "https://support.apple.com/kb/HT210789", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210789"}, {"name": "https://support.apple.com/kb/HT210793", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210793"}, {"name": "https://support.apple.com/kb/HT210795", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210795"}, {"name": "https://support.apple.com/kb/HT210794", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210794"}, {"name": "https://www.tenable.com/security/tns-2021-11", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-11"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.547Z"}, "title": "CVE Program Container", "references": [{"name": "USN-4132-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4132-1/"}, {"name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"name": "USN-4132-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4132-2/"}, {"name": "FEDORA-2019-613edfe68b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"name": "DSA-4530", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"name": "FEDORA-2019-9505c6b555", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"name": "openSUSE-SU-2019:2205", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"name": "openSUSE-SU-2019:2204", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"name": "FEDORA-2019-672ae0f060", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"name": "20191021 [slackware-security] python (SSA:2019-293-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"name": "USN-4165-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4165-1/"}, {"name": "DSA-4549", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"name": "RHSA-2019:3210", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"name": "RHSA-2019:3237", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"name": "openSUSE-SU-2019:2420", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"name": "openSUSE-SU-2019:2424", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"name": "openSUSE-SU-2019:2425", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"name": "RHSA-2019:3756", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"name": "openSUSE-SU-2019:2447", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"name": "openSUSE-SU-2019:2451", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"name": "openSUSE-SU-2019:2452", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"name": "openSUSE-SU-2019:2459", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"name": "openSUSE-SU-2019:2464", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"name": "DSA-4571", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"name": "GLSA-201911-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"name": "USN-4202-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4202-1/"}, {"name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"name": "openSUSE-SU-2020:0010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4335-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210788"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210790"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210785"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210789"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210793"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210795"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210794"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-11"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15903", "datePublished": "2019-09-04T05:59:16", "dateReserved": "2019-09-04T00:00:00", "dateUpdated": "2024-08-05T01:03:32.547Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "53820561-496E-490D-8061-A21C9C69C208", "versionEndExcluding": "2.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "B09B31A2-30BF-4E95-81A3-F77FD97DF5B6", "versionEndExcluding": "2.7.17", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A384586-B574-4240-8BCF-CCE69498F336", "versionEndExcluding": "3.5.8", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD0A51C5-9774-4CB3-A4ED-7C68AF2EFA73", "versionEndExcluding": "3.6.10", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CE919D-4E17-44A1-97FD-0DD55B14701F", "versionEndExcluding": "3.7.5", "versionStartIncluding": "3.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}, {"lang": "es", "value": "En libexpat versiones anteriores a 2.2.8, una entrada XML especialmente dise\u00f1ada podr\u00eda enga\u00f1ar al analizador para que cambie de an\u00e1lisis DTD a an\u00e1lisis de documentos demasiado pronto; una llamada consecutiva a la funci\u00f3n XML_GetCurrentLineNumber (o XML_GetCurrentColumnNumber) luego result\u00f3 en una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria."}], "id": "CVE-2019-15903", "lastModified": "2024-11-21T04:29:42.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-04T06:15:10.877", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210785"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210788"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210789"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210790"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210793"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210794"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210795"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4165-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4202-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210790"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210795"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4165-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4202-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-11"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-776"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2019:3756", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.2.0-2.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2019:3193", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.2.0-1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-10-24T00:00:00Z"}, {"advisory": "RHSA-2019:3210", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.2.0-1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-10-29T00:00:00Z"}, {"advisory": "RHSA-2020:3952", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "expat-0:2.1.0-12.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2019:3196", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.2.0-2.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-10-24T00:00:00Z"}, {"advisory": "RHSA-2019:3237", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.2.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-10-29T00:00:00Z"}, {"advisory": "RHSA-2020:4484", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "expat-0:2.2.5-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2021:0949", "cpe": "cpe:/a:redhat:openshift_do:1.0::el7", "package": "openshiftdo/odo-init-image-rhel7:1.1.3-2", "product_name": "Red Hat OpenShift Do", "release_date": "2021-03-22T00:00:00Z"}, {"advisory": "RHSA-2020:2646", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "expat", "product_name": "Text-Only JBCS", "release_date": "2020-06-22T00:00:00Z"}], "bugzilla": {"description": "expat: heap-based buffer over-read via crafted XML input", "id": "1752592", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "(CWE-122|CWE-125)", "details": ["In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2019-15903", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "xmlrpc-c", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mingw-expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Out of support scope", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 2"}], "public_date": "2019-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-15903\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15903"], "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object