CVE-2012-1148
Published: 2012-07-03
Severity: medium, CVSS 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| apple | mac_os_x | <= 10.11.1 | — |
| apple | os_x_el_capitan_10.11.2_security_update_2015-005_yosemite_and_security_update_20 | — | — |
| debian | expat | < expat 2.1.0~beta3-1 (bookworm) | expat 2.1.0~beta3-1 (bookworm) |
| debian | libxmltok | < expat 2.1.0~beta3-1 (bookworm) | expat 2.1.0~beta3-1 (bookworm) |
| debian | xmlrpc-c | < expat 2.1.0~beta3-1 (bookworm) | expat 2.1.0~beta3-1 (bookworm) |
| libexpat_project | libexpat | <= 2.0.1 | — |
| vmware | vmware_esxi | — | — |
| vmware | vmware_vsphere | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | 5.0 | MEDIUM | — |
Ubuntu
xmltok library vulnerability
vendor_ubuntu·2025-02-26
CVE-2012-1148 xmltok library vulnerability
Title: xmltok library vulnerability
Summary: Libxmltok could be made to crash if it opened a specially crafted file.
Tim Boddy discovered that Expat, contained within the xmltok library, did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
xmltok library vulnerabilities
vendor_ubuntu·2022-07-19·CVSS 5.0
CVE-2021-46143 [MEDIUM] xmltok library vulnerabilities
Title: xmltok library vulnerabilities
Summary: Several security issues were fixed in libxmltok.
Tim Boddy, Gustavo Grieco and others discovered that Expat, which is integrated in the xmltok library, incorrectly handled certain files. An attacker could possibly use these issues to cause a denial of service, or possibly execute arbitrary code. These issues were only addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, which is integrated in the xmltok library, incorrectly handled encoding validation of certain files. An attacker could possibly use this issue to cause a denial of service, o
Apple
CVE-2012-1148: iTunes 12.6
vendor_apple·2017-03-21·CVSS 5.0
CVE-2012-1148 [MEDIUM] CVE-2012-1148: iTunes 12.6
Apple Security Update: About the security content of iTunes 12.6
Product: iTunes
Version: 12.6
CVE: CVE-2012-1148
Component: CVE-2012-1148
Apple
CVE-2012-1148: iTunes 12.6 for Windows
vendor_apple·2017-03-21·CVSS 5.0
CVE-2012-1148 [MEDIUM] CVE-2012-1148: iTunes 12.6 for Windows
Apple Security Update: About the security content of iTunes 12.6 for Windows
Product: iTunes 12.6 for Windows
CVE: CVE-2012-1148
Component: CVE-2012-1148
VMware
VMware security updates for vSphere API and ESX Service Console
vendor_vmware·2012-11-15·CVSS 5.0
CVE-2011-4940 [MEDIUM] VMware security updates for vSphere API and ESX Service Console
VMSA-2012-0016: VMware security updates for vSphere API and ESX Service Console
a. VMware vSphere API denial of service vulnerability
The VMware vSphere API contains a denial of service vulnerability. This issue allows an unauthenticated user to send a maliciously crafted API request and disable the host daemon. Exploitation of the issue would prevent management activities on the host but any virtual machines running on the host would be unaffected. VMware would like to thank Sebastián Tello of Core Security Technologies for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-5703 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is a
Ubuntu
Python 2.5 vulnerabilities
vendor_ubuntu·2012-10-17·CVSS 6.9
CVE-2008-5983 [MEDIUM] Python 2.5 vulnerabilities
Title: Python 2.5 vulnerabilities
Summary: Several security issues were fixed in Python 2.5.
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)
It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)
Giampaolo Rodola discovered several race conditions in the smtpd module. A remote attacker could exploit this to cause a denial of service via daemon outage. (CVE-2010-3493)
It was discovered that the CGIHTT
Ubuntu
Python 2.4 vulnerabilities
vendor_ubuntu·2012-10-17·CVSS 6.9
CVE-2010-2089 [MEDIUM] Python 2.4 vulnerabilities
Title: Python 2.4 vulnerabilities
Summary: Several security issues were fixed in Python 2.4.
USN-1613-1 fixed vulnerabilities in Python 2.5. This update provides the corresponding updates for Python 2.4.
Original advisory details:
It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. (CVE-2008-5983)
It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. (CVE-2010-1634, CVE-2010-2089)
Giampaolo Rodola discovered several race conditions in the smtpd mod
Ubuntu
XML-RPC for C and C++ vulnerabilities
vendor_ubuntu·2012-09-10·CVSS 4.3
CVE-2012-0876 [MEDIUM] XML-RPC for C and C++ vulnerabilities
Title: XML-RPC for C and C++ vulnerabilities
Summary: XML-RPC for C and C++ could be made to cause a denial of service by consuming excessive CPU and memory resources.
USN-1527-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Both issues described in the original advisory affected XML-RPC for C and C++ in Ubuntu 10.04 LTS, 11.04, 11.10 and 12.04 LTS.
Original advisory details:
It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)
Tim Boddy discovered that Expat did not prop
Ubuntu
Expat vulnerabilities
vendor_ubuntu·2012-08-10·CVSS 4.3
CVE-2012-0876 [MEDIUM] Expat vulnerabilities
Title: Expat vulnerabilities
Summary: Expat could be made to cause a denial of service by consuming excessive CPU and memory resources.
It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. (CVE-2012-0876)
Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources. This issue only affected Ubuntu 8.04 LTS, 10.04 LTS, 11.04 and 11.10.
Red Hat
expat: Memory leak in poolGrow
vendor_redhat·2012-03-03·CVSS 5.0
CVE-2012-1148 [MEDIUM] CWE-401 expat: Memory leak in poolGrow
expat: Memory leak in poolGrow
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
A memory leak flaw was found in Expat. If an XML file processed by an application linked against Expat triggered a memory re-allocation failure, Expat failed to free the previously allocated memory. This could cause the application to exit unexpectedly or crash when all available memory is exhausted.
Package: expat (Red Hat Directory Server 8) - Affected
Package: expat (Red Hat Enterprise Linux 4) - Will not fix
Package: xmlrpc-c (Red Hat Enterprise Linux 5) - Will not fix
Debian
CVE-2012-1148: expat - Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1...
vendor_debian·2012·CVSS 5.0
CVE-2012-1148 [MEDIUM] CVE-2012-1148: expat - Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1...
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Scope: local
bookworm: resolved (fixed in 2.1.0~beta3-1)
bullseye: resolved (fixed in 2.1.0~beta3-1)
forky: resolved (fixed in 2.1.0~beta3-1)
sid: resolved (fixed in 2.1.0~beta3-1)
trixie: resolved (fixed in 2.1.0~beta3-1)
Apple
CVE-2012-1148: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
vendor_apple·CVSS 5.0
CVE-2012-1148 [MEDIUM] CVE-2012-1148: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Apple Security Update: About the security content of OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
Product: OS X El Capitan 10.11.2, Security Update 2015-005 Yosemite, and Security Update 2015-008 Mavericks
CVE: CVE-2012-1148
Component: CVE-ID
Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information
Description: A memory corruption issue existed in the parsing of XML files. This issue was addressed through improved memory handling.
OSV
libxmltok vulnerabilities
osv·2022-07-19·CVSS 5.0
CVE-2012-1148 [MEDIUM] libxmltok vulnerabilities
libxmltok vulnerabilities
Tim Boddy, Gustavo Grieco and others discovered that Expat, which is integrated in the xmltok library, incorrectly handled certain files. An attacker could possibly use these issues to cause a denial of service, or possibly execute arbitrary code. These issues were only addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283, CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, which is integrated in the xmltok library, incorrectly handled encoding validation of certain files. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2022-25235)
It was discovered
GHSA
GHSA-hm5h-j86h-82pc: Memory leak in the poolGrow function in expat/lib/xmlparse
ghsa_unreviewed·2022-05-13
CVE-2012-1148 [MEDIUM] GHSA-hm5h-j86h-82pc: Memory leak in the poolGrow function in expat/lib/xmlparse
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
OSV
CVE-2012-1148: Memory leak in the poolGrow function in expat/lib/xmlparse
osv·2012-07-03·CVSS 5.0
CVE-2012-1148 [MEDIUM] CVE-2012-1148: Memory leak in the poolGrow function in expat/lib/xmlparse
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
No detection rules found.
Bugzilla
Update to Expat 2.2.1
bugzilla·2017-06-18·CVSS 4.3
[MEDIUM] Update to Expat 2.2.1
Update to Expat 2.2.1
Update expat files that live in: parser/expat/lib/
For list of fixed CVEs see:
http://www.openwall.com/lists/oss-security/2017/06/17/7
Discussion:
This fixes some integer overflows, a double free and more. So marking s-s for now.
---
FWIW I've explicitly avoided updating to the latest expat versions as they tend to introduce more CVEs than they fix. We keep a much trimmed down (and modified) version of 2.0.0 in tree; it would be interesting to see what overlap there is and maybe just cherry-pick changes that are relevant to us.
---
I've started looking over the differences. I'll attach some patches with some no-brainers and then we can decide on the rest.
---
From the release notes:
CVE-2017-9233 External entity infinite loop DoS
Probably affects us, I
Bugzilla
CVE-2012-1148 CVE-2012-0876 compat-expat1 various flaws [fedora-all]
bugzilla·2013-07-09·CVSS 5.0
CVE-2012-1148 [MEDIUM] CVE-2012-1148 CVE-2012-0876 compat-expat1 various flaws [fedora-all]
CVE-2012-1148 CVE-2012-0876 compat-expat1 various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects mult
Bugzilla
CVE-2012-1148 expat: Memory leak in poolGrow
bugzilla·2012-03-09·CVSS 5.0
CVE-2012-1148 [MEDIUM] CVE-2012-1148 expat: Memory leak in poolGrow
CVE-2012-1148 expat: Memory leak in poolGrow
Tim Boddy reported a memory leak in poolGrow [1]
This bug applies at least to 1.95.8, 2.0.0 and 2.0.1
poolGrow in xml.parse.cpp has the following block of code:
```c
if (pool->blocks && pool->start == pool->blocks->s) {
    int blockSize = (int)(pool->end - pool->start)*2;
    pool->blocks = (BLOCK *)
        pool->mem->realloc_fcn(pool->blocks,
                               (offsetof(BLOCK, s)
                                + blockSize * sizeof(XML_Char)));
    if (pool->blocks == NULL)
        return XML_FALSE;
    pool->blocks->size = blockSize;
    pool->ptr = pool->blocks->s + (pool->ptr - pool->start);
    pool->start = pool->blocks->s;
    pool->end = pool->start + blockSize;
}
```
It looks like this will cause a memory leak if realloc_fcn returns NULL because pool->blocks will be overwritten but the old memory area to which it pointed won't be f
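The defect in that block is the classic realloc pitfall: the only pointer to the live block is overwritten with realloc's return value before that value has been checked, so a NULL makes the old block unreachable. The C model below is an added example, neither expat's code nor the reporter's; it reproduces the pattern with an instrumented allocator that fails on demand, beside the temporary-variable form in which the 2.1.0 correction is shaped. The STRING_POOL/BLOCK stand-ins, the helper names and the 16-char starting pool are assumptions made for the example.

```c
#include <stddef.h>
#include <stdlib.h>
/* Stand-in for expat's STRING_POOL/BLOCK (constructed for this example); only poolGrow's grow-in-place path is modelled. */
typedef struct { int size; char s[1]; } BLOCK;
typedef struct { BLOCK *blocks; char *start; char *ptr; char *end; } POOL;
/* Instrumented realloc in the role of pool->mem->realloc_fcn: counts live blocks and can fail once on request. */
static int live_blocks = 0, fail_next_realloc = 0;
static void *ptr_on_failure = NULL;   /* what the failed call was handed; real realloc leaves it allocated */
static void *counting_realloc(void *p, size_t n) {
    if (fail_next_realloc) { fail_next_realloc = 0; ptr_on_failure = p; return NULL; }
    if (p == NULL) live_blocks++;     /* realloc(NULL, n) creates a fresh block */
    return realloc(p, n);
}
static void counting_free(void *p) { if (p != NULL) { live_blocks--; free(p); } }
static void pool_rebase(POOL *pool, int blockSize) { /* point the cursors at the (re)allocated block */
    pool->blocks->size = blockSize;
    pool->ptr = pool->blocks->s + (pool->ptr - pool->start);
    pool->start = pool->blocks->s;
    pool->end = pool->start + blockSize;
}
static int pool_init(POOL *pool, int size) { /* one block of `size` chars, as the parser would have */
    pool->blocks = (BLOCK *)counting_realloc(NULL, offsetof(BLOCK, s) + size);
    if (pool->blocks == NULL) return 0;
    pool->start = pool->ptr = pool->blocks->s;
    pool_rebase(pool, size);
    return 1;
}
/* Bug-report pattern: on NULL, pool->blocks is overwritten and the old block becomes unreachable. */
static int pool_grow_leaky(POOL *pool) {
    int blockSize = (int)(pool->end - pool->start) * 2;
    pool->blocks = (BLOCK *)counting_realloc(pool->blocks, offsetof(BLOCK, s) + blockSize);
    if (pool->blocks == NULL) return 0;
    pool_rebase(pool, blockSize);
    return 1;
}
/* Shape of the expat 2.1.0 correction: park the result in a temporary, so on failure pool->blocks still owns the old block. */
static int pool_grow_fixed(POOL *pool) {
    int blockSize = (int)(pool->end - pool->start) * 2;
    BLOCK *temp = (BLOCK *)counting_realloc(pool->blocks, offsetof(BLOCK, s) + blockSize);
    if (temp == NULL) return 0;
    pool->blocks = temp;
    pool_rebase(pool, blockSize);
    return 1;
}
/* Force one failed grow, tear the pool down as its owner would, and report how many blocks remain: 0 means no leak. */
static int leaked_blocks_after_failed_grow(int (*grow)(POOL *)) {
    POOL pool;
    live_blocks = 0;
    if (!pool_init(&pool, 16)) return -1;
    fail_next_realloc = 1;
    grow(&pool);                /* returns 0 with either implementation */
    counting_free(pool.blocks); /* teardown frees only what the pool still references */
    return live_blocks;         /* a leaked block can only be reclaimed through ptr_on_failure */
}
```

With the leaky grow the teardown frees nothing and one block stays allocated; with the fixed grow the pool still owns its old block and the count returns to zero. A parser that hits this path once per entity expansion across many documents accumulates one lost block per failed reallocation, which is the memory-consumption denial of service the advisories describe.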
References
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167
http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
http://rhn.redhat.com/errata/RHSA-2012-0731.html
http://rhn.redhat.com/errata/RHSA-2016-0062.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://secunia.com/advisories/49504
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://sourceforge.net/projects/expat/files/expat/2.1.0/
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127
http://www.debian.org/security/2012/dsa-2525
http://www.mandriva.com/security/advisories?name=MDVSA-2012:041
http://www.securityfocus.com/bid/52379
http://www.securitytracker.com/id/1034344
http://www.ubuntu.com/usn/USN-1527-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
https://support.apple.com/HT205637