CVE-2017-11742 — Untrusted Search Path in Project Libexpat

CWE-426 — Untrusted Search Path CWE-393 — Return of Wrong Status Code6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 95.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexpat Project Libexpat

Timeline

PublishedJul 30

Latest updateMay 17

Description

The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDlibexpat_project/libexpat2.2.1, 2.2.2+1

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-cgjh-mqgp-mv76: The writeRandomBytes_RtlGenRandom function in xmlparse↗2022-05-17

▶

CVEList

CVE-2017-11742: The writeRandomBytes_RtlGenRandom function in xmlparse↗2017-07-30

▶

📋Vendor Advisories

Red Hat

xen: bad continuation handling in GNTTABOP_copy (XSA-318)↗2020-04-14

▶

Debian

CVE-2017-11742: expat - The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2....↗2017

▶

💬Community

Bugzilla

CVE-2020-11742 xen: bad continuation handling in GNTTABOP_copy (XSA-318)↗2020-04-14

▶