libexpat 缓冲区错误漏洞

CNNVD-ID编号	CNNVD-201909-181	CVE编号	CVE-2019-15903
发布时间	2019-09-04	更新时间	2021-02-18
漏洞类型	缓冲区错误	漏洞来源	Ubuntu,Apple,Debian,Red Hat,Slackware Security Team,Gentoo
危险等级	高危	威胁类型	远程
厂商	N/A

漏洞介绍

libexpat是一款使用C语言编写的流式XML解析器。

libexpat 2.2.8之前版本中存在缓冲区错误漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。

漏洞补丁

目前厂商已发布升级了libexpat 缓冲区错误漏洞的补丁，libexpat 缓冲区错误漏洞的补丁获取链接：

https://github.com/libexpat/libexpat/pull/318

参考网址

来源:CONFIRM

链接：https://support.apple.com/kb/HT210788
来源:CONFIRM

链接：https://support.apple.com/kb/HT210785
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Sep/37
来源:CONFIRM

链接：https://support.apple.com/kb/HT210789
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Nov/24
来源:MISC

链接：https://www.oracle.com/security-alerts/cpuoct2020.html
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2019:3210
来源:MISC

链接：https://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Sep/30
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html
来源:GENTOO

链接：https://security.gentoo.org/glsa/201911-08
来源:FULLDISC

链接：http://seclists.org/fulldisclosure/2019/Dec/30
来源:DEBIAN

链接：https://www.debian.org/security/2019/dsa-4549
来源:MISC

链接：https://github.com/libexpat/libexpat/pull/318
来源:UBUNTU

链接：https://usn.ubuntu.com/4335-1/
来源:UBUNTU

链接：https://usn.ubuntu.com/4165-1/
来源:CONFIRM

链接：https://security.netapp.com/advisory/ntap-20190926-0004/
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Dec/21
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html
来源:CONFIRM

链接：https://support.apple.com/kb/HT210790
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html
来源:CONFIRM

链接：https://support.apple.com/kb/HT210794
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Dec/23
来源:CONFIRM

链接：https://support.apple.com/kb/HT210795
来源:CONFIRM

链接：https://support.apple.com/kb/HT210793
来源:CONFIRM

链接：https://github.com/libexpat/libexpat/issues/342
来源:N/A

链接：https://www.oracle.com/security-alerts/cpuapr2020.html
来源:FULLDISC

链接：http://seclists.org/fulldisclosure/2019/Dec/26
来源:UBUNTU

链接：https://usn.ubuntu.com/4202-1/
来源:FULLDISC

链接：http://seclists.org/fulldisclosure/2019/Dec/27
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html
来源:FULLDISC

链接：http://seclists.org/fulldisclosure/2019/Dec/23
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Oct/29
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html
来源:UBUNTU

链接：https://usn.ubuntu.com/4132-1/
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Dec/17
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html
来源:MISC

链接：https://github.com/libexpat/libexpat/issues/317
来源:github.com

链接：https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2019:3237
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html
来源:REDHAT

链接：https://access.redhat.com/errata/RHSA-2019:3756
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html
来源:MISC

链接：https://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
来源:MISC

链接：https://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
来源:UBUNTU

链接：https://usn.ubuntu.com/4132-2/
来源:BUGTRAQ

链接：https://seclists.org/bugtraq/2019/Nov/1
来源:DEBIAN

链接：https://www.debian.org/security/2019/dsa-4530
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
来源:DEBIAN

链接：https://www.debian.org/security/2019/dsa-4571
来源:SUSE

链接：http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2020/suse-su-20200302-1.html
来源:www.debian.org

链接：https://www.debian.org/security/2019/dsa-4571
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html
来源:usn.ubuntu.com

链接：https://usn.ubuntu.com/4132-2/
来源:usn.ubuntu.com

链接：https://usn.ubuntu.com/4132-1/
来源:lists.debian.org

链接：https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html
来源:www.debian.org

链接：https://www.debian.org/security/2019/dsa-4571-2
来源:security-tracker.debian.org

链接：https://security-tracker.debian.org/tracker/DLA-1987-1
来源:security-tracker.debian.org

链接：https://security-tracker.debian.org/tracker/DLA-1912-1
来源:usn.ubuntu.com

链接：https://usn.ubuntu.com/4202-1/
来源:lists.debian.org

链接：https://lists.debian.org/debian-lts-announce/2019/12/msg00010.html
来源:www.debian.org

链接：https://www.debian.org/security/2019/dsa-4580
来源:www.suse.com

链接：https://www.suse.com/support/update/announcement/2020/suse-su-20200114-1.html
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/libexpat-out-of-bounds-memory-reading-via-XML-GetCurrentLineNumber-30268
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3535/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3729/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/154477/Ubuntu-Security-Notice-USN-4132-2.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2162/
来源:www.ibm.com

链接：https://www.ibm.com/support/pages/node/1137610
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4351/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affects-ibm-engineering-requirements-management-doors-next/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/161429/Red-Hat-Security-Advisory-2021-0436-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3389/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3862/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0171/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159553/Red-Hat-Security-Advisory-2020-4255-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155456/Gentoo-Linux-Security-Advisory-201911-08.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157345/Ubuntu-Security-Notice-USN-4335-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4478/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.4100/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-4/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155384/Debian-Security-Advisory-4571-1.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0177/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0386/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0099/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4228/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155670/Apple-Security-Advisory-2019-12-10-1.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/160889/Red-Hat-Security-Advisory-2021-0050-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1387/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4478.2/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/160125/Red-Hat-Security-Advisory-2020-5149-01.html
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/160961/Red-Hat-Security-Advisory-2021-0146-01.html
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2019-15903
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159875/Red-Hat-Security-Advisory-2020-4484-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4645/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4351.2/
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/46409
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158168/Red-Hat-Security-Advisory-2020-2646-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.4366/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/155627/Ubuntu-Security-Notice-USN-4202-2.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0319/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.4513/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0234/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0584
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.3499/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-6/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.0397/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159381/Red-Hat-Security-Advisory-2020-3952-01.html
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-tivoli-monitoring-basic-services-component-cve-2019-15903/
来源:www.ibm.com

链接：https://www.ibm.com/blogs/psirt/security-bulletin-ibm-prospect-is-affected-by-expat-xml-parser-vulnerability-cve-2019-15903/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/159661/Red-Hat-Security-Advisory-2020-4264-01.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.3631/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2019.3399/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201909-181

libexpat 缓冲区错误漏洞

漏洞介绍

漏洞补丁

参考网址

受影响实体

信息来源

查询漏洞

相关漏洞

支持服务

云学院

合作与生态

libexpat 缓冲区错误漏洞

漏洞介绍

漏洞补丁

参考网址

受影响实体

信息来源

查询漏洞

相关漏洞