CVE-2012-1148
Date: (C)2012-07-03   (M)2024-03-01


Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1034344
SECUNIA-49504
SECUNIA-51024
SECUNIA-51040
BID-52379
APPLE-SA-2015-12-08-3
DSA-2525
IAVM:2012-A-0189
MDVSA-2012:041
RHSA-2012:0731
RHSA-2016:0062
RHSA-2016:2957
USN-1527-1
USN-1613-1
USN-1613-2
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.166&r2=1.167
http://sourceforge.net/projects/expat/files/expat/2.1.0/
http://sourceforge.net/tracker/?func=detail&atid=110127&aid=2958794&group_id=10127
https://support.apple.com/HT205637

CPE    10
cpe:/a:libexpat:expat:1.95.6
cpe:/a:libexpat:expat:1.95.7
cpe:/a:libexpat:expat:1.95.8
cpe:/a:libexpat:expat:1.95.2
...
CWE    1
CWE-399
OVAL    17
oval:org.secpod.oval:def:1601316
oval:org.secpod.oval:def:302836
oval:org.secpod.oval:def:1300043
oval:org.secpod.oval:def:202354
...

© SecPod Technologies