FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat2 -- Fix extraction of namespace prefixes from XML names

Affected packages
expat < 2.2.7

Details

VuXML ID c5bd8a25-99a6-11e9-a598-f079596b62f9
Discovery 2019-06-19
Entry 2019-09-16

expat project reports:

XML names with multiple colons could end up in the wrong namespace, and take a high amount of RAM and CPU resources while processing, opening the door to use for denial-of-service attacks

[source]

References

URL https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.