ByteOS Network

CVE Vulnerability Details :

CVE-2013-0340

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-21 Jan, 2014 | 18:00

Updated At-25 Nov, 2025 | 16:27

▼CVE Numbering Authority (CNA)

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Affected Products

Collection URL

https://github.com/libexpat/libexpat/

Package Name

libexpat

Default Status

unaffected

Versions

Affected

From 0 before 2.4.0 (semver)

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://openwall.com/lists/oss-security/2013/02/22/3	mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2013/04/12/6	mailing-list x_refsource_MLIST
http://www.osvdb.org/90634	vdb-entry x_refsource_OSVDB
http://securitytracker.com/id?1028213	vdb-entry x_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-21	vendor-advisory x_refsource_GENTOO
http://www.securityfocus.com/bid/58233	vdb-entry x_refsource_BID
https://support.apple.com/kb/HT212805	x_refsource_CONFIRM
https://support.apple.com/kb/HT212804	x_refsource_CONFIRM
https://support.apple.com/kb/HT212807	x_refsource_CONFIRM
https://support.apple.com/kb/HT212819	x_refsource_CONFIRM
https://support.apple.com/kb/HT212814	x_refsource_CONFIRM
https://support.apple.com/kb/HT212815	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Sep/33	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/34	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/40	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/35	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/38	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/39	mailing-list x_refsource_FULLDISC
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E	mailing-list x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/10/07/4	mailing-list x_refsource_MLIST
http://seclists.org/fulldisclosure/2021/Oct/62	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Oct/63	mailing-list x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Oct/61	mailing-list x_refsource_FULLDISC
https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes	N/A

Hyperlink: http://openwall.com/lists/oss-security/2013/02/22/3

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/12/6

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.osvdb.org/90634

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://securitytracker.com/id?1028213

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://security.gentoo.org/glsa/201701-21

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: http://www.securityfocus.com/bid/58233

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://support.apple.com/kb/HT212805

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/kb/HT212804

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/kb/HT212807

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/kb/HT212819

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/kb/HT212814

Resource:

x_refsource_CONFIRM

Hyperlink: https://support.apple.com/kb/HT212815

Resource:

x_refsource_CONFIRM

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/33

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/34

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/40

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/35

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/38

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/39

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://www.openwall.com/lists/oss-security/2021/10/07/4

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/62

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/63

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/61

Resource:

mailing-list

x_refsource_FULLDISC

Hyperlink: https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes

Resource: N/A

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://openwall.com/lists/oss-security/2013/02/22/3	mailing-list x_refsource_MLIST x_transferred
http://www.openwall.com/lists/oss-security/2013/04/12/6	mailing-list x_refsource_MLIST x_transferred
http://www.osvdb.org/90634	vdb-entry x_refsource_OSVDB x_transferred
http://securitytracker.com/id?1028213	vdb-entry x_refsource_SECTRACK x_transferred
https://security.gentoo.org/glsa/201701-21	vendor-advisory x_refsource_GENTOO x_transferred
http://www.securityfocus.com/bid/58233	vdb-entry x_refsource_BID x_transferred
https://support.apple.com/kb/HT212805	x_refsource_CONFIRM x_transferred
https://support.apple.com/kb/HT212804	x_refsource_CONFIRM x_transferred
https://support.apple.com/kb/HT212807	x_refsource_CONFIRM x_transferred
https://support.apple.com/kb/HT212819	x_refsource_CONFIRM x_transferred
https://support.apple.com/kb/HT212814	x_refsource_CONFIRM x_transferred
https://support.apple.com/kb/HT212815	x_refsource_CONFIRM x_transferred
http://seclists.org/fulldisclosure/2021/Sep/33	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2021/Sep/34	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2021/Sep/40	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2021/Sep/35	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2021/Sep/38	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2021/Sep/39	mailing-list x_refsource_FULLDISC x_transferred
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
http://www.openwall.com/lists/oss-security/2021/10/07/4	mailing-list x_refsource_MLIST x_transferred
http://seclists.org/fulldisclosure/2021/Oct/62	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2021/Oct/63	mailing-list x_refsource_FULLDISC x_transferred
http://seclists.org/fulldisclosure/2021/Oct/61	mailing-list x_refsource_FULLDISC x_transferred