csaf_redhat - rhba-2022:8290

RHBA-2022:8290

Vulnerability from csaf_redhat - Published: 2022-11-15 11:58 - Updated: 2025-12-04 23:14

Summary

Red Hat Bug Fix Advisory: expat bug fix and enhancement update

Notes

Topic

An update for expat is now available for Red Hat Enterprise Linux 9.

Details

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for expat is now available for Red Hat Enterprise Linux 9.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2022:8290",
        "url": "https://access.redhat.com/errata/RHBA-2022:8290"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
      },
      {
        "category": "external",
        "summary": "2067201",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2067201"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhba-2022_8290.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: expat bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2025-12-04T23:14:37+00:00",
      "generator": {
        "date": "2025-12-04T23:14:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.13"
        }
      },
      "id": "RHBA-2022:8290",
      "initial_release_date": "2022-11-15T11:58:10+00:00",
      "revision_history": [
        {
          "date": "2022-11-15T11:58:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-11-15T11:58:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-12-04T23:14:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.1.0.GA",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux BaseOS (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux BaseOS (v. 9)",
                  "product_id": "BaseOS-9.1.0.GA",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.4.9-1.el9_1.aarch64",
                "product": {
                  "name": "expat-devel-0:2.4.9-1.el9_1.aarch64",
                  "product_id": "expat-devel-0:2.4.9-1.el9_1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.4.9-1.el9_1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.4.9-1.el9_1.aarch64",
                "product": {
                  "name": "expat-debugsource-0:2.4.9-1.el9_1.aarch64",
                  "product_id": "expat-debugsource-0:2.4.9-1.el9_1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.4.9-1.el9_1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
                "product": {
                  "name": "expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
                  "product_id": "expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.4.9-1.el9_1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.4.9-1.el9_1.aarch64",
                "product": {
                  "name": "expat-0:2.4.9-1.el9_1.aarch64",
                  "product_id": "expat-0:2.4.9-1.el9_1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.4.9-1.el9_1?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.4.9-1.el9_1.ppc64le",
                "product": {
                  "name": "expat-devel-0:2.4.9-1.el9_1.ppc64le",
                  "product_id": "expat-devel-0:2.4.9-1.el9_1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.4.9-1.el9_1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
                "product": {
                  "name": "expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
                  "product_id": "expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.4.9-1.el9_1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
                "product": {
                  "name": "expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
                  "product_id": "expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.4.9-1.el9_1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.4.9-1.el9_1.ppc64le",
                "product": {
                  "name": "expat-0:2.4.9-1.el9_1.ppc64le",
                  "product_id": "expat-0:2.4.9-1.el9_1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.4.9-1.el9_1?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.4.9-1.el9_1.i686",
                "product": {
                  "name": "expat-devel-0:2.4.9-1.el9_1.i686",
                  "product_id": "expat-devel-0:2.4.9-1.el9_1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.4.9-1.el9_1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.4.9-1.el9_1.i686",
                "product": {
                  "name": "expat-debugsource-0:2.4.9-1.el9_1.i686",
                  "product_id": "expat-debugsource-0:2.4.9-1.el9_1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.4.9-1.el9_1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.4.9-1.el9_1.i686",
                "product": {
                  "name": "expat-debuginfo-0:2.4.9-1.el9_1.i686",
                  "product_id": "expat-debuginfo-0:2.4.9-1.el9_1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.4.9-1.el9_1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.4.9-1.el9_1.i686",
                "product": {
                  "name": "expat-0:2.4.9-1.el9_1.i686",
                  "product_id": "expat-0:2.4.9-1.el9_1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.4.9-1.el9_1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.4.9-1.el9_1.x86_64",
                "product": {
                  "name": "expat-devel-0:2.4.9-1.el9_1.x86_64",
                  "product_id": "expat-devel-0:2.4.9-1.el9_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.4.9-1.el9_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.4.9-1.el9_1.x86_64",
                "product": {
                  "name": "expat-debugsource-0:2.4.9-1.el9_1.x86_64",
                  "product_id": "expat-debugsource-0:2.4.9-1.el9_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.4.9-1.el9_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
                "product": {
                  "name": "expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
                  "product_id": "expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.4.9-1.el9_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.4.9-1.el9_1.x86_64",
                "product": {
                  "name": "expat-0:2.4.9-1.el9_1.x86_64",
                  "product_id": "expat-0:2.4.9-1.el9_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.4.9-1.el9_1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-devel-0:2.4.9-1.el9_1.s390x",
                "product": {
                  "name": "expat-devel-0:2.4.9-1.el9_1.s390x",
                  "product_id": "expat-devel-0:2.4.9-1.el9_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-devel@2.4.9-1.el9_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debugsource-0:2.4.9-1.el9_1.s390x",
                "product": {
                  "name": "expat-debugsource-0:2.4.9-1.el9_1.s390x",
                  "product_id": "expat-debugsource-0:2.4.9-1.el9_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debugsource@2.4.9-1.el9_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-debuginfo-0:2.4.9-1.el9_1.s390x",
                "product": {
                  "name": "expat-debuginfo-0:2.4.9-1.el9_1.s390x",
                  "product_id": "expat-debuginfo-0:2.4.9-1.el9_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat-debuginfo@2.4.9-1.el9_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "expat-0:2.4.9-1.el9_1.s390x",
                "product": {
                  "name": "expat-0:2.4.9-1.el9_1.s390x",
                  "product_id": "expat-0:2.4.9-1.el9_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.4.9-1.el9_1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-0:2.4.9-1.el9_1.src",
                "product": {
                  "name": "expat-0:2.4.9-1.el9_1.src",
                  "product_id": "expat-0:2.4.9-1.el9_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/expat@2.4.9-1.el9_1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.src"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.src",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "AppStream-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.src"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.src",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debuginfo-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-debugsource-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-debugsource-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.aarch64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.i686",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.ppc64le",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.s390x",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-devel-0:2.4.9-1.el9_1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
          "product_id": "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64"
        },
        "product_reference": "expat-devel-0:2.4.9-1.el9_1.x86_64",
        "relates_to_product_reference": "BaseOS-9.1.0.GA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-0340",
      "discovery_date": "2013-02-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1000109"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "expat: internal entity expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64",
          "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686",
          "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le",
          "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x",
          "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.src",
          "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64",
          "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
          "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686",
          "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
          "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x",
          "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
          "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64",
          "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686",
          "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
          "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x",
          "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64",
          "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64",
          "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686",
          "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le",
          "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x",
          "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64",
          "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64",
          "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686",
          "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le",
          "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x",
          "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.src",
          "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64",
          "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
          "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686",
          "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
          "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x",
          "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
          "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64",
          "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686",
          "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
          "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x",
          "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64",
          "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64",
          "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686",
          "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le",
          "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x",
          "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-0340"
        },
        {
          "category": "external",
          "summary": "RHBZ#1000109",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1000109"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0340",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0340"
        }
      ],
      "release_date": "2013-02-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-15T11:58:10+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.src",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.src",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2022:8290"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.src",
            "AppStream-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x",
            "AppStream-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.src",
            "BaseOS-9.1.0.GA:expat-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-debuginfo-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-debugsource-0:2.4.9-1.el9_1.x86_64",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.aarch64",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.i686",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.ppc64le",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.s390x",
            "BaseOS-9.1.0.GA:expat-devel-0:2.4.9-1.el9_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "expat: internal entity expansion"
    }
  ]
}

CVE-2013-0340 (GCVE-0-2013-0340)

Vulnerability from cvelistv5 – Published: 2014-01-21 18:00 – Updated: 2025-11-25 16:27

Summary

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://openwall.com/lists/oss-security/2013/02/22/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2013/04/12/6	mailing-listx_refsource_MLIST
	http://www.osvdb.org/90634	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1028213	vdb-entryx_refsource_SECTRACK
	https://security.gentoo.org/glsa/201701-21	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/58233	vdb-entryx_refsource_BID
	https://support.apple.com/kb/HT212805	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212804	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212807	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212819	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212814	x_refsource_CONFIRM
	https://support.apple.com/kb/HT212815	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2021/Sep/33	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Sep/34	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Sep/40	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Sep/35	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Sep/38	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Sep/39	mailing-listx_refsource_FULLDISC
	https://lists.apache.org/thread.html/r41eca5f4f09…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfb2c1933604…	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/10/07/4	mailing-listx_refsource_MLIST
	http://seclists.org/fulldisclosure/2021/Oct/62	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Oct/63	mailing-listx_refsource_FULLDISC
	http://seclists.org/fulldisclosure/2021/Oct/61	mailing-listx_refsource_FULLDISC
	https://github.com/libexpat/libexpat/blob/R_2_4_1…

Impacted products

	Vendor	Product	Version
			Affected: 0 , < 2.4.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:25:10.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2013/02/22/3"
          },
          {
            "name": "[oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"
          },
          {
            "name": "90634",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/90634"
          },
          {
            "name": "1028213",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1028213"
          },
          {
            "name": "GLSA-201701-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201701-21"
          },
          {
            "name": "58233",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/58233"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212805"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212804"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212807"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212819"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212815"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/33"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-2 watchOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/34"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-3 tvOS 15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/35"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/38"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/39"
          },
          {
            "name": "[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E"
          },
          {
            "name": "[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/07/4"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
          },
          {
            "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/libexpat/libexpat/",
          "defaultStatus": "unaffected",
          "packageName": "libexpat",
          "versions": [
            {
              "lessThan": "2.4.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2013-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T16:27:56.273Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2013/02/22/3"
        },
        {
          "name": "[oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"
        },
        {
          "name": "90634",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/90634"
        },
        {
          "name": "1028213",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1028213"
        },
        {
          "name": "GLSA-201701-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201701-21"
        },
        {
          "name": "58233",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/58233"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212805"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212804"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212807"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212819"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212815"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/33"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-2 watchOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/34"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-3 tvOS 15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/35"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/38"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/39"
        },
        {
          "name": "[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E"
        },
        {
          "name": "[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/07/4"
        },
        {
          "name": "20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/62"
        },
        {
          "name": "20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/63"
        },
        {
          "name": "20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Oct/61"
        },
        {
          "name": "Expat 2.4.0 and 2.4.1 Changelog",
          "url": "https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0340",
    "datePublished": "2014-01-21T18:00:00",
    "dateReserved": "2012-12-06T00:00:00",
    "dateUpdated": "2025-11-25T16:27:56.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHBA-2022:8290

CVE-2013-0340 (GCVE-0-2013-0340)

Tags

Sightings

Nomenclature