{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-15T22:06:15.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-4132-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4132-1/"}, {"name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"name": "USN-4132-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4132-2/"}, {"name": "FEDORA-2019-613edfe68b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"name": "DSA-4530", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"name": "FEDORA-2019-9505c6b555", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"name": "openSUSE-SU-2019:2205", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"name": "openSUSE-SU-2019:2204", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"name": "FEDORA-2019-672ae0f060", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"name": "20191021 [slackware-security] python (SSA:2019-293-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"name": "USN-4165-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4165-1/"}, {"name": "DSA-4549", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"name": "RHSA-2019:3210", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"name": "RHSA-2019:3237", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"name": "openSUSE-SU-2019:2420", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"name": "openSUSE-SU-2019:2424", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"name": "openSUSE-SU-2019:2425", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"name": "RHSA-2019:3756", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"name": "openSUSE-SU-2019:2447", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"name": "openSUSE-SU-2019:2451", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"name": "openSUSE-SU-2019:2452", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"name": "openSUSE-SU-2019:2459", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"name": "openSUSE-SU-2019:2464", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"name": "DSA-4571", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"name": "GLSA-201911-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"name": "USN-4202-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4202-1/"}, {"name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"name": "openSUSE-SU-2020:0010", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210788"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210790"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210785"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210789"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210793"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210795"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT210794"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-11"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15903", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-4132-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4132-1/"}, {"name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"name": "USN-4132-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4132-2/"}, {"name": "FEDORA-2019-613edfe68b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"name": "DSA-4530", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4530"}, {"name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"name": "FEDORA-2019-9505c6b555", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"name": "openSUSE-SU-2019:2205", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"name": "openSUSE-SU-2019:2204", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"name": "FEDORA-2019-672ae0f060", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"name": "20191021 [slackware-security] python (SSA:2019-293-01)", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"name": "USN-4165-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4165-1/"}, {"name": "DSA-4549", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4549"}, {"name": "RHSA-2019:3210", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"name": "RHSA-2019:3237", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"name": "openSUSE-SU-2019:2420", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"name": "openSUSE-SU-2019:2424", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"name": "openSUSE-SU-2019:2425", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"name": "RHSA-2019:3756", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"name": "openSUSE-SU-2019:2447", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"name": "openSUSE-SU-2019:2451", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"name": "openSUSE-SU-2019:2452", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"name": "openSUSE-SU-2019:2459", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"name": "openSUSE-SU-2019:2464", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"name": "DSA-4571", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4571"}, {"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"name": "GLSA-201911-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201911-08"}, {"name": "USN-4202-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4202-1/"}, {"name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"name": "openSUSE-SU-2020:0010", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"name": "openSUSE-SU-2020:0086", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://github.com/libexpat/libexpat/issues/317", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/issues/317"}, {"name": "https://github.com/libexpat/libexpat/pull/318", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/pull/318"}, {"name": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"name": "https://github.com/libexpat/libexpat/issues/342", "refsource": "CONFIRM", "url": "https://github.com/libexpat/libexpat/issues/342"}, {"name": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190926-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"name": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"name": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210788"}, {"name": "https://support.apple.com/kb/HT210790", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210790"}, {"name": "https://support.apple.com/kb/HT210785", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210785"}, {"name": "https://support.apple.com/kb/HT210789", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210789"}, {"name": "https://support.apple.com/kb/HT210793", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210793"}, {"name": "https://support.apple.com/kb/HT210795", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210795"}, {"name": "https://support.apple.com/kb/HT210794", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT210794"}, {"name": "https://www.tenable.com/security/tns-2021-11", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-11"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.547Z"}, "title": "CVE Program Container", "references": [{"name": "USN-4132-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4132-1/"}, {"name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"name": "USN-4132-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4132-2/"}, {"name": "FEDORA-2019-613edfe68b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"name": "DSA-4530", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"name": "FEDORA-2019-9505c6b555", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"name": "openSUSE-SU-2019:2205", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"name": "openSUSE-SU-2019:2204", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"name": "FEDORA-2019-672ae0f060", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"name": "20191021 [slackware-security] python (SSA:2019-293-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"name": "USN-4165-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4165-1/"}, {"name": "DSA-4549", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"name": "RHSA-2019:3210", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"name": "RHSA-2019:3237", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"name": "openSUSE-SU-2019:2420", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"name": "openSUSE-SU-2019:2424", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"name": "openSUSE-SU-2019:2425", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"name": "RHSA-2019:3756", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"name": "openSUSE-SU-2019:2447", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"name": "openSUSE-SU-2019:2451", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"name": "openSUSE-SU-2019:2452", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"name": "openSUSE-SU-2019:2459", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"name": "openSUSE-SU-2019:2464", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"name": "DSA-4571", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"name": "GLSA-201911-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"name": "USN-4202-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4202-1/"}, {"name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"name": "openSUSE-SU-2020:0010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4335-1/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210788"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210790"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210785"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210789"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210793"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210795"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT210794"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-11"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-30T19:27:14.896115Z", "id": "CVE-2019-15903", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T19:27:19.904Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15903", "datePublished": "2019-09-04T05:59:16.000Z", "dateReserved": "2019-09-04T00:00:00.000Z", "dateUpdated": "2025-05-30T19:27:19.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://usn.ubuntu.com/4132-1/", "name": "USN-4132-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/30", "name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4132-2/", "name": "USN-4132-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/", "name": "FEDORA-2019-613edfe68b", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://www.debian.org/security/2019/dsa-4530", "name": "DSA-4530", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/37", "name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/", "name": "FEDORA-2019-9505c6b555", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html", "name": "openSUSE-SU-2019:2205", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html", "name": "openSUSE-SU-2019:2204", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/", "name": "FEDORA-2019-672ae0f060", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Oct/29", "name": "20191021 [slackware-security] python (SSA:2019-293-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4165-1/", "name": "USN-4165-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://www.debian.org/security/2019/dsa-4549", "name": "DSA-4549", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3210", "name": "RHSA-2019:3210", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3237", "name": "RHSA-2019:3237", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Nov/1", "name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html", "name": "openSUSE-SU-2019:2420", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html", "name": "openSUSE-SU-2019:2424", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html", "name": "openSUSE-SU-2019:2425", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3756", "name": "RHSA-2019:3756", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html", "name": "openSUSE-SU-2019:2447", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html", "name": "openSUSE-SU-2019:2451", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html", "name": "openSUSE-SU-2019:2452", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html", "name": "openSUSE-SU-2019:2459", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html", "name": "openSUSE-SU-2019:2464", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html", "name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Nov/24", "name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://www.debian.org/security/2019/dsa-4571", "name": "DSA-4571", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html", "name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201911-08", "name": "GLSA-201911-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4202-1/", "name": "USN-4202-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Dec/17", "name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Dec/21", "name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "https://seclists.org/bugtraq/2019/Dec/23", "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/23", "name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/26", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/30", "name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/27", "name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html", "name": "openSUSE-SU-2020:0010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://usn.ubuntu.com/4335-1/", "name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/libexpat/libexpat/issues/317", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/libexpat/libexpat/pull/318", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/libexpat/libexpat/issues/342", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20190926-0004/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT210788", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT210790", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT210785", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT210789", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT210793", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT210795", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT210794", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.tenable.com/security/tns-2021-11", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.547Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-15903", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-30T19:27:14.896115Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T19:26:04.258Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://usn.ubuntu.com/4132-1/", "name": "USN-4132-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/30", "name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://usn.ubuntu.com/4132-2/", "name": "USN-4132-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/", "name": "FEDORA-2019-613edfe68b", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://www.debian.org/security/2019/dsa-4530", "name": "DSA-4530", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://seclists.org/bugtraq/2019/Sep/37", "name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/", "name": "FEDORA-2019-9505c6b555", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html", "name": "openSUSE-SU-2019:2205", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html", "name": "openSUSE-SU-2019:2204", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/", "name": "FEDORA-2019-672ae0f060", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "https://seclists.org/bugtraq/2019/Oct/29", "name": "20191021 [slackware-security] python (SSA:2019-293-01)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://usn.ubuntu.com/4165-1/", "name": "USN-4165-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://www.debian.org/security/2019/dsa-4549", "name": "DSA-4549", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3210", "name": "RHSA-2019:3210", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3237", "name": "RHSA-2019:3237", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://seclists.org/bugtraq/2019/Nov/1", "name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html", "name": "openSUSE-SU-2019:2420", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html", "name": "openSUSE-SU-2019:2424", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html", "name": "openSUSE-SU-2019:2425", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3756", "name": "RHSA-2019:3756", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html", "name": "openSUSE-SU-2019:2447", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html", "name": "openSUSE-SU-2019:2451", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html", "name": "openSUSE-SU-2019:2452", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html", "name": "openSUSE-SU-2019:2459", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html", "name": "openSUSE-SU-2019:2464", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html", "name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://seclists.org/bugtraq/2019/Nov/24", "name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://www.debian.org/security/2019/dsa-4571", "name": "DSA-4571", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html", "name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://security.gentoo.org/glsa/201911-08", "name": "GLSA-201911-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "https://usn.ubuntu.com/4202-1/", "name": "USN-4202-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://seclists.org/bugtraq/2019/Dec/17", "name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://seclists.org/bugtraq/2019/Dec/21", "name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "https://seclists.org/bugtraq/2019/Dec/23", "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/23", "name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/26", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/30", "name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/27", "name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html", "name": "openSUSE-SU-2020:0010", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "name": "openSUSE-SU-2020:0086", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://usn.ubuntu.com/4335-1/", "name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_refsource_MISC"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/libexpat/libexpat/issues/317", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/libexpat/libexpat/pull/318", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/libexpat/libexpat/issues/342", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "tags": ["x_refsource_MISC"]}, {"url": "https://security.netapp.com/advisory/ntap-20190926-0004/", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "tags": ["x_refsource_MISC"]}, {"url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/kb/HT210788", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT210790", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT210785", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT210789", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT210793", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT210795", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://support.apple.com/kb/HT210794", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.tenable.com/security/tns-2021-11", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2021-06-15T22:06:15.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://usn.ubuntu.com/4132-1/", "name": "USN-4132-1", "refsource": "UBUNTU"}, {"url": "https://seclists.org/bugtraq/2019/Sep/30", "name": "20190917 [slackware-security] expat (SSA:2019-259-01)", "refsource": "BUGTRAQ"}, {"url": "https://usn.ubuntu.com/4132-2/", "name": "USN-4132-2", "refsource": "UBUNTU"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/", "name": "FEDORA-2019-613edfe68b", "refsource": "FEDORA"}, {"url": "https://www.debian.org/security/2019/dsa-4530", "name": "DSA-4530", "refsource": "DEBIAN"}, {"url": "https://seclists.org/bugtraq/2019/Sep/37", "name": "20190923 [SECURITY] [DSA 4530-1] expat security update", "refsource": "BUGTRAQ"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/", "name": "FEDORA-2019-9505c6b555", "refsource": "FEDORA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html", "name": "openSUSE-SU-2019:2205", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html", "name": "openSUSE-SU-2019:2204", "refsource": "SUSE"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/", "name": "FEDORA-2019-672ae0f060", "refsource": "FEDORA"}, {"url": "https://seclists.org/bugtraq/2019/Oct/29", "name": "20191021 [slackware-security] python (SSA:2019-293-01)", "refsource": "BUGTRAQ"}, {"url": "https://usn.ubuntu.com/4165-1/", "name": "USN-4165-1", "refsource": "UBUNTU"}, {"url": "https://www.debian.org/security/2019/dsa-4549", "name": "DSA-4549", "refsource": "DEBIAN"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3210", "name": "RHSA-2019:3210", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3237", "name": "RHSA-2019:3237", "refsource": "REDHAT"}, {"url": "https://seclists.org/bugtraq/2019/Nov/1", "name": "20191101 [SECURITY] [DSA 4549-1] firefox-esr security update", "refsource": "BUGTRAQ"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html", "name": "openSUSE-SU-2019:2420", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html", "name": "openSUSE-SU-2019:2424", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html", "name": "openSUSE-SU-2019:2425", "refsource": "SUSE"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3756", "name": "RHSA-2019:3756", "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html", "name": "openSUSE-SU-2019:2447", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html", "name": "openSUSE-SU-2019:2451", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html", "name": "openSUSE-SU-2019:2452", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html", "name": "openSUSE-SU-2019:2459", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html", "name": "openSUSE-SU-2019:2464", "refsource": "SUSE"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html", "name": "[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update", "refsource": "MLIST"}, {"url": "https://seclists.org/bugtraq/2019/Nov/24", "name": "20191118 [SECURITY] [DSA 4571-1] thunderbird security update", "refsource": "BUGTRAQ"}, {"url": "https://www.debian.org/security/2019/dsa-4571", "name": "DSA-4571", "refsource": "DEBIAN"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html", "name": "[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update", "refsource": "MLIST"}, {"url": "https://security.gentoo.org/glsa/201911-08", "name": "GLSA-201911-08", "refsource": "GENTOO"}, {"url": "https://usn.ubuntu.com/4202-1/", "name": "USN-4202-1", "refsource": "UBUNTU"}, {"url": "https://seclists.org/bugtraq/2019/Dec/17", "name": "20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "refsource": "BUGTRAQ"}, {"url": "https://seclists.org/bugtraq/2019/Dec/21", "name": "20191211 APPLE-SA-2019-12-10-5 tvOS 13.3", "refsource": "BUGTRAQ"}, {"url": "https://seclists.org/bugtraq/2019/Dec/23", "name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "BUGTRAQ"}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/23", "name": "20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/26", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/30", "name": "20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2019/Dec/27", "name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "refsource": "FULLDISC"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html", "name": "openSUSE-SU-2020:0010", "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html", "name": "openSUSE-SU-2020:0086", "refsource": "SUSE"}, {"url": "https://usn.ubuntu.com/4335-1/", "name": "USN-4335-1", "refsource": "UBUNTU"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC"}, {"url": "https://github.com/libexpat/libexpat/issues/317", "name": "https://github.com/libexpat/libexpat/issues/317", "refsource": "MISC"}, {"url": "https://github.com/libexpat/libexpat/pull/318", "name": "https://github.com/libexpat/libexpat/pull/318", "refsource": "MISC"}, {"url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "name": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "refsource": "MISC"}, {"url": "https://github.com/libexpat/libexpat/issues/342", "name": "https://github.com/libexpat/libexpat/issues/342", "refsource": "CONFIRM"}, {"url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "name": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html", "refsource": "MISC"}, {"url": "https://security.netapp.com/advisory/ntap-20190926-0004/", "name": "https://security.netapp.com/advisory/ntap-20190926-0004/", "refsource": "CONFIRM"}, {"url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "name": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html", "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "name": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html", "refsource": "MISC"}, {"url": "https://support.apple.com/kb/HT210788", "name": "https://support.apple.com/kb/HT210788", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT210790", "name": "https://support.apple.com/kb/HT210790", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT210785", "name": "https://support.apple.com/kb/HT210785", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT210789", "name": "https://support.apple.com/kb/HT210789", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT210793", "name": "https://support.apple.com/kb/HT210793", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT210795", "name": "https://support.apple.com/kb/HT210795", "refsource": "CONFIRM"}, {"url": "https://support.apple.com/kb/HT210794", "name": "https://support.apple.com/kb/HT210794", "refsource": "CONFIRM"}, {"url": "https://www.tenable.com/security/tns-2021-11", "name": "https://www.tenable.com/security/tns-2021-11", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-15903", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2019-15903", "state": "PUBLISHED", "dateUpdated": "2025-05-30T19:27:19.904Z", "dateReserved": "2019-09-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2019-09-04T05:59:16.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "53820561-496E-490D-8061-A21C9C69C208", "versionEndExcluding": "2.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "B09B31A2-30BF-4E95-81A3-F77FD97DF5B6", "versionEndExcluding": "2.7.17", "versionStartIncluding": "2.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A384586-B574-4240-8BCF-CCE69498F336", "versionEndExcluding": "3.5.8", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD0A51C5-9774-4CB3-A4ED-7C68AF2EFA73", "versionEndExcluding": "3.6.10", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "26CE919D-4E17-44A1-97FD-0DD55B14701F", "versionEndExcluding": "3.7.5", "versionStartIncluding": "3.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."}, {"lang": "es", "value": "En libexpat versiones anteriores a 2.2.8, una entrada XML especialmente dise\u00f1ada podr\u00eda enga\u00f1ar al analizador para que cambie de an\u00e1lisis DTD a an\u00e1lisis de documentos demasiado pronto; una llamada consecutiva a la funci\u00f3n XML_GetCurrentLineNumber (o XML_GetCurrentColumnNumber) luego result\u00f3 en una lectura excesiva del b\u00fafer en la regi\u00f3n heap de la memoria."}], "id": "CVE-2019-15903", "lastModified": "2025-05-30T20:15:23.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-09-04T06:15:10.877", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210785"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210788"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210789"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210790"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210793"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210794"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210795"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-2/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4165-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4202-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Dec/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/342"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/pull/318"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Dec/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Nov/24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Oct/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/37"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201911-08"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190926-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210790"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210793"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT210795"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4132-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4165-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4202-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4530"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4571"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-11"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-776"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el6", "package": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6", "product_name": "JBoss Core Services on RHEL 6", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2020:2644", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2020-06-22T00:00:00Z"}, {"advisory": "RHSA-2019:3756", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.2.0-2.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-11-06T00:00:00Z"}, {"advisory": "RHSA-2019:3193", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.2.0-1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-10-24T00:00:00Z"}, {"advisory": "RHSA-2019:3210", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.2.0-1.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-10-29T00:00:00Z"}, {"advisory": "RHSA-2020:3952", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "expat-0:2.1.0-12.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2019:3196", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.2.0-2.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-10-24T00:00:00Z"}, {"advisory": "RHSA-2019:3237", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.2.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-10-29T00:00:00Z"}, {"advisory": "RHSA-2020:4484", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "expat-0:2.2.5-4.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}, {"advisory": "RHSA-2021:0949", "cpe": "cpe:/a:redhat:openshift_do:1.0::el7", "package": "openshiftdo/odo-init-image-rhel7:1.1.3-2", "product_name": "Red Hat OpenShift Do", "release_date": "2021-03-22T00:00:00Z"}, {"advisory": "RHSA-2020:2646", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "expat", "product_name": "Text-Only JBCS", "release_date": "2020-06-22T00:00:00Z"}], "bugzilla": {"description": "expat: heap-based buffer over-read via crafted XML input", "id": "1752592", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752592"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "(CWE-122|CWE-125)", "details": ["In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2019-15903", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "xmlrpc-c", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "mingw-expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Out of support scope", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 2"}], "public_date": "2019-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-15903\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15903"], "threat_severity": "Low"}

{}