expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML parser consume a
high amount of RAM and CPU resources while processing (enough to be
usable for denial-of-service attacks).
Fixed In Version:
expat 2.2.7
References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
(from redmine: issue id 10629, created on 2019-06-28, closed on 2019-07-02)
- Relations:
  - child #10630 (closed)
  - child #10631 (closed)
  - child #10632 (closed)
  - child #10633 (closed)
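A version check against the fixed release named in this issue, as an added example that is not part of the original report or of the Expat project. The function names and the sample inventory strings are constructed for illustration; `expat_2.2.6` is the form libexpat reports about itself, and `2.2.6-r0` stands in for a distribution package version.

```python
import re
from xml.parsers import expat

# Fixed release taken from the issue above ("Fixed In Version: expat 2.2.7").
FIXED = (2, 2, 7)

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_expat_version(text):
    """Extract (major, minor, micro) from strings such as 'expat_2.2.6'
    or '2.2.6-r0'. Returns None when no x.y.z triple is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if the version predates the fix, False if it does not,
    None if the string carries no recognisable version.

    Comparison is numeric per component, so 2.2.10 is correctly treated
    as newer than 2.2.7 (a plain string comparison would get this wrong).
    """
    version = parse_expat_version(text)
    if version is None:
        return None
    return version < FIXED


def runtime_expat_status():
    """Report the libexpat this Python interpreter is linked against."""
    return expat.EXPAT_VERSION, is_affected(expat.EXPAT_VERSION)


if __name__ == "__main__":
    # Constructed sample inventory entries, not taken from the issue.
    samples = ["expat_2.2.6", "expat-2.2.7-r0", "2.1.0", "expat_2.2.10", "unknown"]
    for s in samples:
        print(f"{s!r:20} affected={is_affected(s)}")
    print("this interpreter:", *runtime_expat_status())
```

A `True` result on a distribution package means "check the package changelog", since distributions can backport the fix without changing the upstream version number.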