CVE-2019-9628 — Improper Handling of Exceptional Conditions in Project Xmltooling

CWE-755 — Improper Handling of Exceptional Conditions CWE-20 — Improper Input Validation9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 25.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmltooling Project Xmltooling Canonical Ubuntu Linux Opensuse Leap

Timeline

PublishedApr 11

Latest updateMay 13

Description

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDxmltooling_project/xmltooling< 3.0.4

▶Debianxmltooling_project/xmltooling< 3.0.4-1+3

▶NVDopensuse/leap15.0, 42.3+1

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 18.10

🔴Vulnerability Details

GHSA

XMLTooling Library Incorrectly Handles Some Exceptions↗2022-05-13

▶

CVEList

CVE-2019-9628: The XMLTooling library all versions prior to V3↗2019-04-11

▶

OSV

CVE-2019-9628: The XMLTooling library all versions prior to V3↗2019-04-11

▶

📋Vendor Advisories

Ubuntu

XMLTooling vulnerability↗2019-03-26

▶

Red Hat

xmltooling: XML parser class fails to trap exceptions on malformed XML declaration↗2019-03-11

▶

Debian

CVE-2019-9628: xmltooling - The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML ...↗2019

▶

💬Community

Bugzilla

CVE-2019-9628 xmltooling: XML parser class fails to trap exceptions on malformed XML declaration↗2019-04-04

▶

Bugzilla

CVE-2019-9628 xmltooling: XML parser class fails to trap exceptions on malformed XML declaration [fedora-all]↗2019-04-04

▶