CVE-2013-0340 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2013-0340

Modified

More Info Official Page

Source-secalert@redhat.com

Published At-21 Jan, 2014 | 18:55

Updated At-29 Apr, 2026 | 01:13

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

libexpat_project>>libexpat>>Versions before 2.4.0(exclusive)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 3.6.0(inclusive) to 3.6.15(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 3.7.0(inclusive) to 3.7.12(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 3.8.0(inclusive) to 3.8.12(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 3.9.0(inclusive) to 3.9.7(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

>>ipados>>Versions before 14.8(exclusive)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

>>iphone_os>>Versions before 14.8(exclusive)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

>>macos>>Versions before 11.6(exclusive)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

>>tvos>>Versions before 15.0(exclusive)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

>>watchos>>Versions before 8.0(exclusive)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-611	Primary	nvd@nist.gov

CWE ID: CWE-611

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://openwall.com/lists/oss-security/2013/02/22/3	secalert@redhat.com	Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/62	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/63	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/33	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/34	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/35	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/38	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/39	secalert@redhat.com	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/40	secalert@redhat.com	Mailing List Third Party Advisory
http://securitytracker.com/id?1028213	secalert@redhat.com	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2013/04/12/6	secalert@redhat.com	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/07/4	secalert@redhat.com	Mailing List Third Party Advisory
http://www.osvdb.org/90634	secalert@redhat.com	Broken Link
http://www.securityfocus.com/bid/58233	secalert@redhat.com	Broken Link Third Party Advisory VDB Entry
https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E	secalert@redhat.com	N/A
https://security.gentoo.org/glsa/201701-21	secalert@redhat.com	Third Party Advisory
https://support.apple.com/kb/HT212804	secalert@redhat.com	Third Party Advisory
https://support.apple.com/kb/HT212805	secalert@redhat.com	Third Party Advisory
https://support.apple.com/kb/HT212807	secalert@redhat.com	Third Party Advisory
https://support.apple.com/kb/HT212814	secalert@redhat.com	Third Party Advisory
https://support.apple.com/kb/HT212815	secalert@redhat.com	Third Party Advisory
https://support.apple.com/kb/HT212819	secalert@redhat.com	Third Party Advisory
http://openwall.com/lists/oss-security/2013/02/22/3	af854a3a-2127-422b-91ae-364da2661108	Exploit Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/62	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/63	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/33	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/34	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/35	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/38	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/39	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/40	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://securitytracker.com/id?1028213	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2013/04/12/6	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/07/4	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://www.osvdb.org/90634	af854a3a-2127-422b-91ae-364da2661108	Broken Link
http://www.securityfocus.com/bid/58233	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://security.gentoo.org/glsa/201701-21	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT212804	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT212805	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT212807	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT212814	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT212815	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT212819	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

Hyperlink: http://openwall.com/lists/oss-security/2013/02/22/3

Source: secalert@redhat.com

Resource:

Exploit

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/61

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/62

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/63

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/33

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/34

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/35

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/38

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/39

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/40

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://securitytracker.com/id?1028213

Source: secalert@redhat.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/12/6

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2021/10/07/4

Source: secalert@redhat.com

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://www.osvdb.org/90634

Source: secalert@redhat.com

Resource:

Broken Link

Hyperlink: http://www.securityfocus.com/bid/58233

Source: secalert@redhat.com

Resource:

Broken Link

Third Party Advisory

VDB Entry

Hyperlink: https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes

Source: secalert@redhat.com

Resource: N/A

Hyperlink: https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E

Source: secalert@redhat.com

Resource: N/A

Hyperlink: https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E

Source: secalert@redhat.com

Resource: N/A

Hyperlink: https://security.gentoo.org/glsa/201701-21

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212804

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212805

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212807

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212814

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212815

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212819

Source: secalert@redhat.com

Resource:

Third Party Advisory

Hyperlink: http://openwall.com/lists/oss-security/2013/02/22/3

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Exploit

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/61

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/62

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/63

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/33

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/34

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/35

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/38

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/39

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/40

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://securitytracker.com/id?1028213

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/12/6

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2021/10/07/4

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

Hyperlink: http://www.osvdb.org/90634

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Broken Link

Hyperlink: http://www.securityfocus.com/bid/58233

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Broken Link

Third Party Advisory

VDB Entry

Hyperlink: https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: https://security.gentoo.org/glsa/201701-21

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212804

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212805

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212807

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212814

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212815

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory

Hyperlink: https://support.apple.com/kb/HT212819

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Third Party Advisory