Cryptographic Issues Affecting expat package, versions >=0.0.0

Snyk CVSS

Attack Complexity High

Integrity High

RHEL medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-COCOAPODS-EXPAT-471188
published 2 Oct 2019
disclosed 5 Apr 2012
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 5 Apr 2012

CVE-2012-6702 Open this link in a new tab CWE-310 Open this link in a new tab

How to fix?

There is no fixed version for expat.

Overview

expat is a XML parser library written in C.

Affected versions of this package are vulnerable to Cryptographic Issues. This would only be possible when a parser that has not called XML_SetHashSalt or passed it a seed of 0. It is possible due to the use of the srand function.

References

CONFIRM
CONFIRM
Debian Security Advisory
Gentoo Security Advisory
GitHub Commit
OSS security Advisory
OSS security Advisory
Security Focus
Ubuntu Security Advisory