Wind River Support Network

HomeDefectsLIN7-8425
Fixed

LIN7-8425 : Security Advisory - expat - CVE-2017-9233

Created: Jul 21, 2017    Updated: Sep 8, 2018
Resolved Date: Jul 23, 2017
Previous ID: LIN6-13237
Found In Version: 7.0.0.25
Fix Version: 7.0.0.26
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace

Description

An infinite loop vulnerability due to malformed XML in external entity was found in entityValueInitProcessor function affecting versions of Expat 2.2.0 and earlier.

Upstream patch:

https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f

External References:

https://libexpat.github.io/doc/cve-2017-9233/

Other Downloads


CVEs


Live chat
Online