ByteOS Network

NVD Vulnerability Details :

CVE-2019-15903

Modified

Source-cve@mitre.org

Published At-04 Sep, 2019 | 06:15

Updated At-30 May, 2025 | 20:15

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

libexpat_project>>libexpat>>Versions before 2.2.8(exclusive)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 2.7.0(inclusive) to 2.7.17(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 3.5.0(inclusive) to 3.5.8(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 3.6.0(inclusive) to 3.6.10(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Python Software Foundation

>>python>>Versions from 3.7.0(inclusive) to 3.7.5(exclusive)

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-125	Primary	nvd@nist.gov
CWE-776	Primary	nvd@nist.gov
CWE-125	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html	cve@mitre.org	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html	cve@mitre.org	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html	cve@mitre.org	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html	cve@mitre.org	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html	cve@mitre.org	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/Dec/23	cve@mitre.org	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/26	cve@mitre.org	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/27	cve@mitre.org	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/30	cve@mitre.org	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3210	cve@mitre.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3237	cve@mitre.org	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3756	cve@mitre.org	Third Party Advisory
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43	cve@mitre.org	Patch Third Party Advisory
https://github.com/libexpat/libexpat/issues/317	cve@mitre.org	Exploit Issue Tracking Third Party Advisory
https://github.com/libexpat/libexpat/issues/342	cve@mitre.org	Third Party Advisory
https://github.com/libexpat/libexpat/pull/318	cve@mitre.org	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html	cve@mitre.org	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html	cve@mitre.org	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/	cve@mitre.org	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/	cve@mitre.org	N/A
https://seclists.org/bugtraq/2019/Dec/17	cve@mitre.org	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/21	cve@mitre.org	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/23	cve@mitre.org	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/1	cve@mitre.org	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/24	cve@mitre.org	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Oct/29	cve@mitre.org	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/30	cve@mitre.org	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/37	cve@mitre.org	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201911-08	cve@mitre.org	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190926-0004/	cve@mitre.org	Third Party Advisory
https://support.apple.com/kb/HT210785	cve@mitre.org	Third Party Advisory
https://support.apple.com/kb/HT210788	cve@mitre.org	Third Party Advisory
https://support.apple.com/kb/HT210789	cve@mitre.org	Third Party Advisory
https://support.apple.com/kb/HT210790	cve@mitre.org	Third Party Advisory
https://support.apple.com/kb/HT210793	cve@mitre.org	Third Party Advisory
https://support.apple.com/kb/HT210794	cve@mitre.org	Third Party Advisory
https://support.apple.com/kb/HT210795	cve@mitre.org	Third Party Advisory
https://usn.ubuntu.com/4132-1/	cve@mitre.org	Third Party Advisory
https://usn.ubuntu.com/4132-2/	cve@mitre.org	Third Party Advisory
https://usn.ubuntu.com/4165-1/	cve@mitre.org	Third Party Advisory
https://usn.ubuntu.com/4202-1/	cve@mitre.org	Third Party Advisory
https://usn.ubuntu.com/4335-1/	cve@mitre.org	Third Party Advisory
https://www.debian.org/security/2019/dsa-4530	cve@mitre.org	Third Party Advisory
https://www.debian.org/security/2019/dsa-4549	cve@mitre.org	Third Party Advisory
https://www.debian.org/security/2019/dsa-4571	cve@mitre.org	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	cve@mitre.org	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	cve@mitre.org	Third Party Advisory
https://www.tenable.com/security/tns-2021-11	cve@mitre.org	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/Dec/23	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/26	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/27	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2019/Dec/30	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3210	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3237	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3756	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
https://github.com/libexpat/libexpat/issues/317	af854a3a-2127-422b-91ae-364da2661108	Exploit Issue Tracking Third Party Advisory
https://github.com/libexpat/libexpat/issues/342	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://github.com/libexpat/libexpat/pull/318	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/	af854a3a-2127-422b-91ae-364da2661108	N/A
https://seclists.org/bugtraq/2019/Dec/17	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/21	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Dec/23	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/1	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Nov/24	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Oct/29	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/30	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://seclists.org/bugtraq/2019/Sep/37	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/201911-08	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190926-0004/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT210785	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT210788	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT210789	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT210790	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT210793	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT210794	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://support.apple.com/kb/HT210795	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://usn.ubuntu.com/4132-1/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://usn.ubuntu.com/4132-2/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://usn.ubuntu.com/4165-1/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://usn.ubuntu.com/4202-1/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://usn.ubuntu.com/4335-1/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.debian.org/security/2019/dsa-4530	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.debian.org/security/2019/dsa-4549	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.debian.org/security/2019/dsa-4571	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.tenable.com/security/tns-2021-11	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History