In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. Publish Date : 2019-09-04 Last Update Date : 2019-09-12
CVE-2018-20843:
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). Publish Date : 2019-06-24 Last Update Date : 2019-06-26
We reviewed the code of Sentinel Runtime (v7.100). 1. Sentinel license manager uses expat to handle the XML data in the request. However, we didn't expose the interface of expat to the users. Users cannot call expat interface with crafted XML input to trigger the vulnerability. 2. Sentinel license manager uses expat to handle the XML data in the request. However, we didn't call interface XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber. So vulnerability mentioned in CVE-2019-15903 will not be triggered. 3. Sentinel license manager uses expat to handle the XML data in the request. However, we will not pass XML input including XML names that contain a large number of colons to Sentinel license manager. So vulnerability mentioned in CVE-2018-20843 will not be triggered.
