CVE-2021-40439

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.3%
top 47.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache OpenofficeApache Openoffice
Timeline
PublishedOct 7
Latest updateMay 24

Description

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5apache_software_foundation/apache_openofficeApache OpenOffice4.1.10+1
NVDapache/openoffice4.1.10

🔴Vulnerability Details

2
GHSA
GHSA-7579-q6rq-wf6r: Apache OpenOffice has a dependency on expat software2022-05-24
CVEList
Billion Laughs2021-10-07
CVE-2021-40439 (MEDIUM CVSS 6.5) | Apache OpenOffice has a dependency | cvebase.io