FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 0a0670a1-3e1a-11ed-b48b-e0d55e2a8bf9
Description: expat -- Heap use-after-free vulnerability

Debian Security Advisory reports:

Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.


Discovery: 2022-09-14
Entry: 2022-09-27
Affected: expat < 2.4.9

References:
CVE-2022-40674
https://www.debian.org/security/2022/dsa-5236
https://nvd.nist.gov/vuln/detail/CVE-2022-40674
VuXML ID: 6856d798-d950-11e9-aae4-f079596b62f9
Description: expat2 -- Fix extraction of namespace prefixes from XML names

expat project reports:

Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype


Discovery: 2019-09-13
Entry: 2019-09-17
Affected: expat < 2.2.8

References:
https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes
VuXML ID: 5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9
Description: textproc/expat2 -- billion laughs attack

Kurt Seifried reports:

So here are the CVEs for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities (which can be used to consume resources) and external entities (which can cause a denial of service against other services, be used to port scan, etc.).

A billion laughs attack is a type of denial-of-service attack which is aimed at parsers of XML documents.


Discovery: 2013-02-21
Entry: 2021-05-24
Affected: expat < 2.4.1

References:
CVE-2013-0340
https://www.openwall.com/lists/oss-security/2013/02/22/3
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/
https://nvd.nist.gov/vuln/detail/CVE-2013-0340
VuXML ID: c5bd8a25-99a6-11e9-a598-f079596b62f9
Description: expat2 -- Fix extraction of namespace prefixes from XML names

expat project reports:

XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks.


Discovery: 2019-06-19
Entry: 2019-09-16
Affected: expat < 2.2.7

References:
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes