Wind River Support Network

HomeDefectsLIN5-16355
Fixed

LIN5-16355 : Security Advisory - expat - CVE-2012-1148

Created: Jul 15, 2012    Updated: Dec 19, 2017
Resolved Date: May 26, 2014
Previous ID: LIN2-17804
Found In Version: 5.0
Fix Version: 5.0.1.16
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1148

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online