CVE-2012-1148

Published Jul 3, 2012

Last updated 4 years ago

Overview

Description: Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-399

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B298040-6E60-4701-9F0A-E57CDD3CFA83",
            "versionEndIncluding": "2.0.1"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "055C8DC2-8840-4758-9F3F-21EEF87845DF"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64E471EF-41A9-491F-B032-568723816ADD"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9F94DC5-6A6C-4DB4-A6FA-CDF786AC8E0B"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19EC2420-0140-4233-A766-8D3D9B0933B8"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "572CC266-7C6B-46FE-963F-B457A387B24A"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B354846-9F53-4D07-B34E-F8BB63836299"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0B6B5BF-5A76-46B9-BD7B-679F28821CD7"
          },
          {
            "criteria": "cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "843ADBBB-69DE-4128-A1B0-BCA3E85DC6BA"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "767D7ECF-24C5-4605-9368-5A41456A475E",
            "versionEndIncluding": "10.11.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References