Cryptographic Issues Affecting expat Open this link in a new tab package, versions >=0.0.0

Attack Complexity

High
Integrity

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-COCOAPODS-EXPAT-471188
published

2 Oct 2019
disclosed

5 Apr 2012
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 5 Apr 2012

CVE-2012-6702 Open this link in a new tab CWE-310 Open this link in a new tab

How to fix?

There is no fixed version for expat.

Overview

expat is a XML parser library written in C.

Affected versions of this package are vulnerable to Cryptographic Issues. This would only be possible when a parser that has not called XML_SetHashSalt or passed it a seed of 0. It is possible due to the use of the srand function.

References

CONFIRM
CONFIRM
Debian Security Advisory
Gentoo Security Advisory
GitHub Commit
OSS security Advisory
OSS security Advisory
Security Focus
Ubuntu Security Advisory

Cryptographic Issues Affecting expat Open this link in a new tab package, versions >=0.0.0

Attack Complexity

Integrity

snyk-id

published

disclosed

credit

Introduced: 5 Apr 2012

How to fix?

Overview

References