FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6856d798-d950-11e9-aae4-f079596b62f9	expat2 -- Fix extraction of namespace prefixes from XML names expat project reports: Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype Discovery 2019-09-13 Entry 2019-09-17 expat < 2.2.8 https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes
5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9	texproc/expat2 -- billion laugh attack Kurt Seifried reports: So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities (which can be used to consume resources) and external entities (which can cause a denial of service against other services, be used to port scan, etc.). A billion laughs attack is a type of denial-of-service attack which is aimed at parsers of XML documents. Discovery 2013-02-21 Entry 2021-05-24 expat < 2.4.1 CVE-2013-0340 https://www.openwall.com/lists/oss-security/2013/02/22/3 https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/ https://nvd.nist.gov/vuln/detail/CVE-2013-0340

VuXML ID

Description

6856d798-d950-11e9-aae4-f079596b62f9

expat2 -- Fix extraction of namespace prefixes from XML names

expat project reports:

Fix heap overflow triggered by XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype

Discovery 2019-09-13
Entry 2019-09-17
expat

< 2.2.8

https://github.com/libexpat/libexpat/blob/R_2_2_8/expat/Changes

5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9

texproc/expat2 -- billion laugh attack

Kurt Seifried reports:

So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities (which can be used to consume resources) and external entities (which can cause a denial of service against other services, be used to port scan, etc.).

A billion laughs attack is a type of denial-of-service attack which is aimed at parsers of XML documents.

Discovery 2013-02-21
Entry 2021-05-24
expat

< 2.4.1

CVE-2013-0340
https://www.openwall.com/lists/oss-security/2013/02/22/3
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/
https://nvd.nist.gov/vuln/detail/CVE-2013-0340