FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat -- denial of service vulnerability on malformed input

Affected packages
expat < 2.1.1
linux-c6-expat < 2.0.1_3
linux-c7-expat < 2.1.0_1

Details

VuXML ID 57b3aba7-1e25-11e6-8dd3-002590263bf5
Discovery 2016-05-17
Entry 2016-05-20
Modified 2016-11-30

Gustavo Grieco reports:

The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution.

References

CVE Name CVE-2016-0718
FreeBSD PR ports/209360
URL http://www.openwall.com/lists/oss-security/2016/05/17/12