Wind River Support Network

HomeDefectsLIN8-7145
Fixed

LIN8-7145 : Security Advisory - expat - CVE-2017-9233

Created: Jul 21, 2017    Updated: Dec 3, 2018
Resolved Date: Jul 28, 2017
Previous ID: LIN6-13238
Found In Version: 8.0.0.19
Fix Version: 8.0.0.20
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

An infinite loop vulnerability due to malformed XML in external entity was found in entityValueInitProcessor function affecting versions of Expat 2.2.0 and earlier.

Upstream patch:

https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f

External References:

https://libexpat.github.io/doc/cve-2017-9233/

Other Downloads


CVEs


Live chat
Online