This can result in parse error messages like " malformed UTF-8 sequence in net. c: 1:10: Incomplete multibyte sequence (1 0x28 0xFF 0xFF 0xFF 0xFF 0x28 0xFF 0xFF 0xFF 0x28 0xFF 0xFF 0xFF 0x28 0xFF 0xFF 0xFF) in 'net.c: 1:10' . This is caused by invalid UTF-8 sequences being parsed. This is a regression since Expat 2.0. CVE-2014-1814: In certain circumstances, using the XML parser with HTTP/1.1 or 1.0 can result in denial of service or potential code execution. This can happen when using the HTTP/1.1 or 1.0 protocol with XML streams that use the push model, where encoding is done as part of the stream parsing.
CVE-2014-1817: The XML parser in Expat 2.0.0 and 1.0.9 might allow remote attackers to cause a denial of service via a crafted document. This is a RESTful API vulnerability. CVE-2014-1818: There is a remote denial of service vulnerability in Expat, caused by malformed documents. This can be exploited when parsing XML documents over HTTP or other protocols that allow for input in arbitrary formats. This is a RESTful API vulnerability. CVE-2014-1819
What's an XML parser?
An XML parser is a software component used to parse and process Extensible Markup Language pages.
Stream Processing
, a Code Execution Vulnerability
Stream processing is code execution vulnerability that can be exploited when XML documents are parsed over HTTP or other protocols. Stream processing is done by using the xmlstream_process_entity() function and is triggered when a malformed UTF-8 sequence is encountered in the stream. This is an API vulnerability.
Information on the expat RESTful API vulnerability
The Expat RESTful API vulnerability is a remote denial of service vulnerability. This can be exploited when parsing XML documents over HTTP or other protocols that allow for input in arbitrary formats. This is a RESTful API vulnerability.
This can result in parse error messages like " malformed UTF-8 sequence in net.c: 1:10: Incomplete multibyte sequence (1 0x28 0xFF 0xFF 0xFF 0xFF 0x28 0xFF 0xFF 0xFF 0x28 0xFF 0xFF 0xFF
Variable Length Encoding in XML
There is a vulnerability in the XML parser in Expat, which can allow remote attackers to cause a denial of service via a crafted document. This is a RESTful API vulnerability.
Timeline
Published on: 02/16/2022 01:15:00 UTC
Last modified on: 06/14/2022 11:15:00 UTC
References
- https://github.com/libexpat/libexpat/pull/562
- http://www.openwall.com/lists/oss-security/2022/02/19/1
- https://www.debian.org/security/2022/dsa-5085
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
- https://security.netapp.com/advisory/ntap-20220303-0008/
- https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25235