Vulnerability-Lookup

CVE-2017-9233 (GCVE-0-2017-9233)

Vulnerability from cvelistv5 – Published: 2017-07-25 20:00 – Updated: 2024-08-05 17:02

Summary

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://support.apple.com/HT208144	x_refsource_CONFIRM
	https://libexpat.github.io/doc/cve-2017-9233/	x_refsource_CONFIRM
	https://github.com/libexpat/libexpat/blob/master/…	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1039427	vdb-entryx_refsource_SECTRACK
	https://support.apple.com/HT208113	x_refsource_CONFIRM
	https://support.apple.com/HT208112	x_refsource_CONFIRM
	https://support.apple.com/HT208115	x_refsource_CONFIRM
	http://www.debian.org/security/2017/dsa-3898	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/99276	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2017/06/17/7	mailing-listx_refsource_MLIST
	https://support.f5.com/csp/article/K03244804	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/rf4c02775860…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r58af02e294b…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:02:43.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://libexpat.github.io/doc/cve-2017-9233/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
          },
          {
            "name": "1039427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039427"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208113"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208112"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT208115"
          },
          {
            "name": "DSA-3898",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3898"
          },
          {
            "name": "99276",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99276"
          },
          {
            "name": "[oss-security] 20170618 Expat 2.2.1 security fixes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K03244804"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:06:56.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://libexpat.github.io/doc/cve-2017-9233/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
        },
        {
          "name": "1039427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039427"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208113"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208112"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT208115"
        },
        {
          "name": "DSA-3898",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3898"
        },
        {
          "name": "99276",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99276"
        },
        {
          "name": "[oss-security] 20170618 Expat 2.2.1 security fixes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K03244804"
        },
        {
          "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT208144",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208144"
            },
            {
              "name": "https://libexpat.github.io/doc/cve-2017-9233/",
              "refsource": "CONFIRM",
              "url": "https://libexpat.github.io/doc/cve-2017-9233/"
            },
            {
              "name": "https://github.com/libexpat/libexpat/blob/master/expat/Changes",
              "refsource": "CONFIRM",
              "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
            },
            {
              "name": "1039427",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "name": "https://support.apple.com/HT208113",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208113"
            },
            {
              "name": "https://support.apple.com/HT208112",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208112"
            },
            {
              "name": "https://support.apple.com/HT208115",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT208115"
            },
            {
              "name": "DSA-3898",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3898"
            },
            {
              "name": "99276",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99276"
            },
            {
              "name": "[oss-security] 20170618 Expat 2.2.1 security fixes",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
            },
            {
              "name": "https://support.f5.com/csp/article/K03244804",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K03244804"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9233",
    "datePublished": "2017-07-25T20:00:00.000Z",
    "dateReserved": "2017-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-05T17:02:43.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-293

Vulnerability from certfr_avis - Published: 2018-06-15 - Updated: 2018-06-15

De multiples vulnérabilités ont été découvertes dans Tenable Nessus Agent. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus Agent	Nessus Agent versions 7.0.3 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2018-09 du 14 juin 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Agent versions 7.0.3 et ant\u00e9rieures",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2015-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2017-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
    },
    {
      "name": "CVE-2015-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
    },
    {
      "name": "CVE-2017-7245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2014-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2017-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2016-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2018-0733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2014-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2017-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2015-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    }
  ],
  "initial_release_date": "2018-06-15T00:00:00",
  "last_revision_date": "2018-06-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-293",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nAgent. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Agent",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-09 du 14 juin 2018",
      "url": "https://www.tenable.com/security/tns-2018-09"
    }
  ]
}

CERTFR-2018-AVI-288

Vulnerability from certfr_avis - Published: 2018-06-14 - Updated: 2018-06-14

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus	Nessus toutes versions antérieures à 7.1.1

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2018-08 du 13 juin 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus toutes versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2015-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2017-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
    },
    {
      "name": "CVE-2015-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
    },
    {
      "name": "CVE-2017-7245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2014-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2017-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2016-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2014-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2017-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2015-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    }
  ],
  "initial_release_date": "2018-06-14T00:00:00",
  "last_revision_date": "2018-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-288",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-08 du 13 juin 2018",
      "url": "https://www.tenable.com/security/tns-2018-08"
    }
  ]
}

CERTFR-2017-AVI-320

Vulnerability from certfr_avis - Published: 2017-09-26 - Updated: 2017-09-26

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Server versions antérieures à 5.4
Apple	macOS	macOS High Sierra versions antérieures à 10.13
Apple	N/A	iCloud pour Windows versions antérieures à 7.0

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT208102 du 25 septembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208142 du 25 septembre 2017	None	vendor-advisory
Bulletin de sécurité Apple HT208144 du 25 septembre 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Server versions ant\u00e9rieures \u00e0 5.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-7127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7127"
    },
    {
      "name": "CVE-2017-7129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7129"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2017-7091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7091"
    },
    {
      "name": "CVE-2017-7121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7121"
    },
    {
      "name": "CVE-2017-7128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7128"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2017-7098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7098"
    },
    {
      "name": "CVE-2017-0381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0381"
    },
    {
      "name": "CVE-2017-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7104"
    },
    {
      "name": "CVE-2017-7111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7111"
    },
    {
      "name": "CVE-2017-7102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7102"
    },
    {
      "name": "CVE-2017-10979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10979"
    },
    {
      "name": "CVE-2017-7081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7081"
    },
    {
      "name": "CVE-2017-7120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7120"
    },
    {
      "name": "CVE-2017-7141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7141"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-7114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7114"
    },
    {
      "name": "CVE-2017-10978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10978"
    },
    {
      "name": "CVE-2017-7117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7117"
    },
    {
      "name": "CVE-2017-7126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7126"
    },
    {
      "name": "CVE-2017-7084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7084"
    },
    {
      "name": "CVE-2017-6451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6451"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7093"
    },
    {
      "name": "CVE-2017-7138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7138"
    },
    {
      "name": "CVE-2017-7094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7094"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2017-7109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7109"
    },
    {
      "name": "CVE-2017-7099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7099"
    },
    {
      "name": "CVE-2017-7087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7087"
    },
    {
      "name": "CVE-2017-7078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7078"
    },
    {
      "name": "CVE-2017-7077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7077"
    },
    {
      "name": "CVE-2017-7122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7122"
    },
    {
      "name": "CVE-2017-7083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7083"
    },
    {
      "name": "CVE-2017-7074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7074"
    },
    {
      "name": "CVE-2017-7080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7080"
    },
    {
      "name": "CVE-2017-7130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7130"
    },
    {
      "name": "CVE-2017-6455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6455"
    },
    {
      "name": "CVE-2017-7125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7125"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2017-6463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
    },
    {
      "name": "CVE-2017-7119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7119"
    },
    {
      "name": "CVE-2017-7089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7089"
    },
    {
      "name": "CVE-2017-7096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7096"
    },
    {
      "name": "CVE-2017-6464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
    },
    {
      "name": "CVE-2017-7095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7095"
    },
    {
      "name": "CVE-2017-7123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7123"
    },
    {
      "name": "CVE-2017-1000373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000373"
    },
    {
      "name": "CVE-2017-7086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7086"
    },
    {
      "name": "CVE-2017-7090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7090"
    },
    {
      "name": "CVE-2017-7100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7100"
    },
    {
      "name": "CVE-2017-7106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7106"
    },
    {
      "name": "CVE-2017-6459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6459"
    },
    {
      "name": "CVE-2017-7092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7092"
    },
    {
      "name": "CVE-2017-7143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7143"
    },
    {
      "name": "CVE-2017-7082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7082"
    },
    {
      "name": "CVE-2017-7107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7107"
    },
    {
      "name": "CVE-2017-6452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6452"
    },
    {
      "name": "CVE-2017-11103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11103"
    },
    {
      "name": "CVE-2017-6462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
    },
    {
      "name": "CVE-2017-6460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6460"
    },
    {
      "name": "CVE-2017-7124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7124"
    },
    {
      "name": "CVE-2017-6458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6458"
    },
    {
      "name": "CVE-2017-10989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
    },
    {
      "name": "CVE-2016-9042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9042"
    }
  ],
  "initial_release_date": "2017-09-26T00:00:00",
  "last_revision_date": "2017-09-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-320",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-09-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208102 du 25 septembre 2017",
      "url": "https://support.apple.com/fr-fr/HT208102"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208142 du 25 septembre 2017",
      "url": "https://support.apple.com/fr-fr/HT208142"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT208144 du 25 septembre 2017",
      "url": "https://support.apple.com/fr-fr/HT208144"
    }
  ]
}

cleanstart-2026-yt18139

Vulnerability from cleanstart

Published

2026-01-30 17:26

Modified

2026-01-29 18:58

Summary

issue was discovered in libexpat before 2

Details

Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "expat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.4-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-YT18139",
  "modified": "2026-01-29T18:58:54Z",
  "published": "2026-01-30T17:26:57.202658Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-YT18139.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-9233"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-15903"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-45960"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-46143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22822"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22825"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22826"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22827"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-23852"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-23990"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25235"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25236"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25313"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25314"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25315"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-40674"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-43680"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-52425"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-52426"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-28757"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-45490"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-45491"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-45492"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-50602"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52426"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50602"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "issue was discovered in libexpat before 2",
  "upstream": [
    "CVE-2017-9233",
    "CVE-2019-15903",
    "CVE-2021-45960",
    "CVE-2021-46143",
    "CVE-2022-22822",
    "CVE-2022-22823",
    "CVE-2022-22824",
    "CVE-2022-22825",
    "CVE-2022-22826",
    "CVE-2022-22827",
    "CVE-2022-23852",
    "CVE-2022-23990",
    "CVE-2022-25235",
    "CVE-2022-25236",
    "CVE-2022-25313",
    "CVE-2022-25314",
    "CVE-2022-25315",
    "CVE-2022-40674",
    "CVE-2022-43680",
    "CVE-2023-52425",
    "CVE-2023-52426",
    "CVE-2024-28757",
    "CVE-2024-45490",
    "CVE-2024-45491",
    "CVE-2024-45492",
    "CVE-2024-50602"
  ]
}

cleanstart-2026-mh09144

Vulnerability from cleanstart

Published

2026-02-13 00:45

Modified

2026-02-12 13:07

Summary

issue was discovered in libexpat before 2

Details

Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "expat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.2-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the expat package. An issue was discovered in libexpat before 2. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-MH09144",
  "modified": "2026-02-12T13:07:54Z",
  "published": "2026-02-13T00:45:17.459930Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-MH09144.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-9233"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-15903"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-45960"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-46143"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22822"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22824"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22825"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22826"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-22827"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-23852"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-23990"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25235"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25236"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25313"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25314"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-25315"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-40674"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-43680"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-52425"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-52426"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-28757"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-45490"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-45491"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-45492"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-50602"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15903"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45960"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46143"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22822"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22824"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22825"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22826"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22827"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23852"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23990"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25235"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25236"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25313"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25314"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25315"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40674"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52425"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52426"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28757"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45490"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45491"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45492"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50602"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "issue was discovered in libexpat before 2",
  "upstream": [
    "CVE-2017-9233",
    "CVE-2019-15903",
    "CVE-2021-45960",
    "CVE-2021-46143",
    "CVE-2022-22822",
    "CVE-2022-22823",
    "CVE-2022-22824",
    "CVE-2022-22825",
    "CVE-2022-22826",
    "CVE-2022-22827",
    "CVE-2022-23852",
    "CVE-2022-23990",
    "CVE-2022-25235",
    "CVE-2022-25236",
    "CVE-2022-25313",
    "CVE-2022-25314",
    "CVE-2022-25315",
    "CVE-2022-40674",
    "CVE-2022-43680",
    "CVE-2023-52425",
    "CVE-2023-52426",
    "CVE-2024-28757",
    "CVE-2024-45490",
    "CVE-2024-45491",
    "CVE-2024-45492",
    "CVE-2024-50602"
  ]
}

CNVD-2017-16034

Vulnerability from cnvd - Published: 2017-07-24

Title

Expat XML外部实体拒绝服务漏洞

Description

Expat是一个以C语言编写的面向流的XML解析器库。 Expat XML外部实体拒绝服务漏洞。该漏洞源于Expat的entityValueInitProcessor函数存在外部实体中的畸形XML，攻击者可以利用该漏洞导致拒绝服务。

Severity

中

Patch Name

Expat XML外部实体拒绝服务漏洞的补丁

Patch Description

Expat是一个以C语言编写的面向流的XML解析器库。 Expat XML外部实体拒绝服务漏洞。该漏洞源于Expat的entityValueInitProcessor函数存在外部实体中的畸形XML，攻击者可以利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=1462729 http://www.securityfocus.com/bid/99276

Impacted products

Name
Expat Expat <=2.2

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "99276"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9233"
    }
  },
  "description": "Expat\u662f\u4e00\u4e2a\u4ee5C\u8bed\u8a00\u7f16\u5199\u7684\u9762\u5411\u6d41\u7684XML\u89e3\u6790\u5668\u5e93\u3002\r\n\r\nExpat XML\u5916\u90e8\u5b9e\u4f53\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eExpat\u7684entityValueInitProcessor\u51fd\u6570\u5b58\u5728\u5916\u90e8\u5b9e\u4f53\u4e2d\u7684\u7578\u5f62XML\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Rhodri James",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-16034",
  "openTime": "2017-07-24",
  "patchDescription": "Expat\u662f\u4e00\u4e2a\u4ee5C\u8bed\u8a00\u7f16\u5199\u7684\u9762\u5411\u6d41\u7684XML\u89e3\u6790\u5668\u5e93\u3002\r\n\r\nExpat XML\u5916\u90e8\u5b9e\u4f53\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eExpat\u7684entityValueInitProcessor\u51fd\u6570\u5b58\u5728\u5916\u90e8\u5b9e\u4f53\u4e2d\u7684\u7578\u5f62XML\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Expat XML\u5916\u90e8\u5b9e\u4f53\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Expat Expat \u003c=2.2"
  },
  "referenceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=1462729\r\nhttp://www.securityfocus.com/bid/99276",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-27",
  "title": "Expat XML\u5916\u90e8\u5b9e\u4f53\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-6J8W-M4CC-R7HM

Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2025-04-20 03:41

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-25T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
  "id": "GHSA-6j8w-m4cc-r7hm",
  "modified": "2025-04-20T03:41:28Z",
  "published": "2022-05-13T01:09:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9233"
    },
    {
      "type": "WEB",
      "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
    },
    {
      "type": "WEB",
      "url": "https://libexpat.github.io/doc/cve-2017-9233"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208112"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208113"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208115"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT208144"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K03244804"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3898"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99276"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1039427"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-9233

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9233

Aliases

CVE-2017-9233

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9233",
    "description": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
    "id": "GSD-2017-9233",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-9233.html",
      "https://www.debian.org/security/2017/dsa-3898",
      "https://ubuntu.com/security/CVE-2017-9233",
      "https://advisories.mageia.org/CVE-2017-9233.html",
      "https://security.archlinux.org/CVE-2017-9233"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9233"
      ],
      "details": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
      "id": "GSD-2017-9233",
      "modified": "2023-12-13T01:21:07.399550Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-9233",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/HT208144",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208144"
          },
          {
            "name": "https://libexpat.github.io/doc/cve-2017-9233/",
            "refsource": "CONFIRM",
            "url": "https://libexpat.github.io/doc/cve-2017-9233/"
          },
          {
            "name": "https://github.com/libexpat/libexpat/blob/master/expat/Changes",
            "refsource": "CONFIRM",
            "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
          },
          {
            "name": "1039427",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1039427"
          },
          {
            "name": "https://support.apple.com/HT208113",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208113"
          },
          {
            "name": "https://support.apple.com/HT208112",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208112"
          },
          {
            "name": "https://support.apple.com/HT208115",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT208115"
          },
          {
            "name": "DSA-3898",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2017/dsa-3898"
          },
          {
            "name": "99276",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99276"
          },
          {
            "name": "[oss-security] 20170618 Expat 2.2.1 security fixes",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
          },
          {
            "name": "https://support.f5.com/csp/article/K03244804",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K03244804"
          },
          {
            "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.6.2",
                "versionStartIncluding": "3.6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.5.4",
                "versionStartIncluding": "3.5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.7",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.3.7",
                "versionStartIncluding": "3.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.15",
                "versionStartIncluding": "2.7.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9233"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                },
                {
                  "lang": "en",
                  "value": "CWE-835"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://libexpat.github.io/doc/cve-2017-9233/",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Technical Description",
                "Vendor Advisory"
              ],
              "url": "https://libexpat.github.io/doc/cve-2017-9233/"
            },
            {
              "name": "https://github.com/libexpat/libexpat/blob/master/expat/Changes",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
            },
            {
              "name": "[oss-security] 20170618 Expat 2.2.1 security fixes",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "VDB Entry"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
            },
            {
              "name": "99276",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99276"
            },
            {
              "name": "1039427",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1039427"
            },
            {
              "name": "https://support.apple.com/HT208144",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/HT208144"
            },
            {
              "name": "https://support.apple.com/HT208115",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/HT208115"
            },
            {
              "name": "https://support.apple.com/HT208113",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/HT208113"
            },
            {
              "name": "https://support.apple.com/HT208112",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.apple.com/HT208112"
            },
            {
              "name": "DSA-3898",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2017/dsa-3898"
            },
            {
              "name": "https://support.f5.com/csp/article/K03244804",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K03244804"
            },
            {
              "name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-07-28T11:30Z",
      "publishedDate": "2017-07-25T20:29Z"
    }
  }
}

FKIE_CVE-2017-9233

Vulnerability from fkie_nvd - Published: 2017-07-25 20:29 - Updated: 2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.debian.org/security/2017/dsa-3898	Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2017/06/17/7	Mailing List, VDB Entry
cve@mitre.org	http://www.securityfocus.com/bid/99276	Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securitytracker.com/id/1039427	Third Party Advisory, VDB Entry
cve@mitre.org	https://github.com/libexpat/libexpat/blob/master/expat/Changes	Release Notes, Third Party Advisory
cve@mitre.org	https://libexpat.github.io/doc/cve-2017-9233/	Exploit, Technical Description, Vendor Advisory
cve@mitre.org	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.org	https://support.apple.com/HT208112	Third Party Advisory
cve@mitre.org	https://support.apple.com/HT208113	Third Party Advisory
cve@mitre.org	https://support.apple.com/HT208115	Third Party Advisory
cve@mitre.org	https://support.apple.com/HT208144	Third Party Advisory
cve@mitre.org	https://support.f5.com/csp/article/K03244804	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2017/dsa-3898	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2017/06/17/7	Mailing List, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99276	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1039427	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/libexpat/libexpat/blob/master/expat/Changes	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://libexpat.github.io/doc/cve-2017-9233/	Exploit, Technical Description, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208112	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208113	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208115	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT208144	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K03244804	Third Party Advisory

Impacted products

Vendor	Product	Version
libexpat_project	libexpat	*
python	python	*
python	python	*
python	python	*
python	python	*
python	python	*
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05CD4F3D-73D5-45A0-8F13-896D7C1ED818",
              "versionEndIncluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6ABED2-9492-42E0-80A7-AB77C2900E9A",
              "versionEndExcluding": "2.7.15",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E822AE7-709A-4DA4-B2C6-7A5968AE62FD",
              "versionEndExcluding": "3.3.7",
              "versionStartIncluding": "3.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65C03FE-52E0-477A-A104-8F2CC0EEE753",
              "versionEndExcluding": "3.4.7",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C0FE3B2-27E6-4DA9-8479-B34E3014AC55",
              "versionEndExcluding": "3.5.4",
              "versionStartIncluding": "3.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AAF5776-8121-49B5-A6AE-815B7CCAC307",
              "versionEndExcluding": "3.6.2",
              "versionStartIncluding": "3.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de XML External Entity (XEE) en libexpat versi\u00f3n 2.2.0 y anteriores (Expat XML Parser Library) permite que los atacantes consigan que el analizador entre en un bucle infinito utilizando una definici\u00f3n de entidad externa mal formada desde una DTD externa."
    }
  ],
  "id": "CVE-2017-9233",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T20:29:00.220",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3898"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "VDB Entry"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99276"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039427"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://libexpat.github.io/doc/cve-2017-9233/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208112"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208113"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208115"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208144"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K03244804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2017/dsa-3898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "VDB Entry"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/06/17/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/libexpat/libexpat/blob/master/expat/Changes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://libexpat.github.io/doc/cve-2017-9233/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/HT208144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K03244804"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        },
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9233 (GCVE-0-2017-9233)

Solution

Solution

Solution

Vulnerability from cleanstart

Vulnerability from cleanstart

Tags

Sightings

Nomenclature