Gentoo update for Expat

Published: 2017-01-11 | Updated: 2021-10-11

Risk	Critical
Patch available	YES
Number of vulnerabilities	6
CVE-ID	CVE-2012-6702 CVE-2013-0340 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300
CWE-ID	CWE-310 CWE-400 CWE-20 CWE-119 CWE-611
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Gentoo Linux Operating systems & Components / Operating system
Vendor	Gentoo

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Cryptographic issues

EUVDB-ID: #VU33052

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-6702

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Mitigation

Update the affected packages.
dev-libs/expat to version: 2.2.0-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

External links

https://security.gentoo.org/
https://security.gentoo.org/glsa/201701-21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU42119

Risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2013-0340

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows remote attackers to cause a denial of service attack.

The vulnerability exists due to insufficient validation of user-supplied input within the expat library, when processing XML files. A remote attacker can pass specially crafted XML content to the affected library and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.
dev-libs/expat to version: 2.2.0-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

External links

https://security.gentoo.org/
https://security.gentoo.org/glsa/201701-21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU33808

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-1283

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.

Mitigation

Update the affected packages.
dev-libs/expat to version: 2.2.0-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

External links

https://security.gentoo.org/
https://security.gentoo.org/glsa/201701-21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow in Tenable Nessus

EUVDB-ID: #VU200

Risk: Critical

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]

CVE-ID: CVE-2016-0718

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling malformed input documents. A remote unauthenticated attacker can trigger a buffer overflow in the Expat XML parser library and execute arbitrary code by sending specially crafted data to vulnerable server.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.
dev-libs/expat to version: 2.2.0-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

External links

https://security.gentoo.org/
https://security.gentoo.org/glsa/201701-21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) XXE attack

EUVDB-ID: #VU12378

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-4472

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the overflow protection in Expat is removed by compilers with certain optimization settings. A remote attacker can supply specially crafted XML data and cause the service to crash.

The vulnerability exists due to incomplete fix for CVE-2015-1283 and CVE-2015-2716.

Mitigation

Update the affected packages.
dev-libs/expat to version: 2.2.0-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

External links

https://security.gentoo.org/
https://security.gentoo.org/glsa/201701-21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU32074

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-5300

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (CPU consumption) via crafted identifiers in an XML document.

Mitigation

Update the affected packages.
dev-libs/expat to version: 2.2.0-r1

Vulnerable software versions

Gentoo Linux: All versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

External links

https://security.gentoo.org/
https://security.gentoo.org/glsa/201701-21

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.