[3.9] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
Fixed In Version:
expat 2.2.7
References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
(from redmine: issue id 10631, created on 2019-06-28, closed on 2019-07-02)
- Relations:
  - parent #10629 (closed)
- Changesets:
  - Revision 9b9ed53c by Natanael Copa on 2019-06-30T12:21:30Z:
    main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
    fixes #10631