CVE-2013-0340

N/A Unknown

Published: January 21, 2014 Modified: November 25, 2025

Description

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://openwall.com/lists/oss-security/2013/02/22/3

Source: secalert@redhat.com

Exploit Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/61

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/62

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/63

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Sep/33

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Sep/34

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Sep/35

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Sep/38

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Sep/39

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://seclists.org/fulldisclosure/2021/Sep/40

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://securitytracker.com/id?1028213

Source: secalert@redhat.com

Third Party Advisory VDB Entry

http://www.openwall.com/lists/oss-security/2013/04/12/6

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://www.openwall.com/lists/oss-security/2021/10/07/4

Source: secalert@redhat.com

Mailing List Third Party Advisory

http://www.osvdb.org/90634

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/bid/58233

Source: secalert@redhat.com

Broken Link Third Party Advisory VDB Entry

https://github.com/libexpat/libexpat/blob/R_2_4_1/expat/Changes

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E

Source: secalert@redhat.com

https://security.gentoo.org/glsa/201701-21

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT212804

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT212805

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT212807

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT212814

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT212815

Source: secalert@redhat.com

Third Party Advisory

https://support.apple.com/kb/HT212819

Source: secalert@redhat.com

Third Party Advisory

http://openwall.com/lists/oss-security/2013/02/22/3