Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2018-20843

HIGH7.5

In libexpat in Expat before 2

Published Jun 24, 2019

Modified 7 months ago

No fix available

Details

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

References

ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html WEBhttps://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226 WEBhttps://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes WEBhttps://github.com/libexpat/libexpat/issues/186 WEBhttps://github.com/libexpat/libexpat/pull/262 WEBhttps://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 WEBhttps://lists.debian.org/debian-lts-announce/2019/06/msg00028.html ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/ADVISORYhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/WEBhttps://seclists.org/bugtraq/2019/Jun/39 ADVISORYhttps://security.gentoo.org/glsa/201911-08 WEBhttps://security.netapp.com/advisory/ntap-20190703-0001/WEBhttps://support.f5.com/csp/article/K51011533 ADVISORYhttps://usn.ubuntu.com/4040-1/ADVISORYhttps://usn.ubuntu.com/4040-2/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2018-20843 ADVISORYhttps://www.debian.org/security/2019/dsa-4472 WEBhttps://www.oracle.com/security-alerts/cpuApr2021.html WEBhttps://www.oracle.com/security-alerts/cpuapr2020.html WEBhttps://www.oracle.com/security-alerts/cpuoct2020.html WEBhttps://www.oracle.com/security-alerts/cpuoct2021.html WEBhttps://www.tenable.com/security/tns-2021-11

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedJun 24, 2019

ModifiedMay 30, 2025

CVE-2018-20843 | Mondoo Vulnerability Intelligence