CVE-2016-0718: expat 2.2, bug #537

The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution.

CVE-ID:

  • CVE-2016-0718
  • CVE-2016-4472
  • Disclosure date: 2017-02-17 (Python issue #29591 reported)
  • Reported by: 2016-05-27 (expat bug #537 reported)

Fixed In

Vulnerable Versions

  • Python 2.7
  • Python 3.3

Python issue

Various security vulnerabilities in bundled expat (CVE-2016-0718 and CVE-2016-4472).

  • Python issue: issue #29591
  • Creation date: 2017-02-17
  • Reporter: Natanael Copa

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Timeline

Timeline using the disclosure date 2017-02-17 as reference:

  • 2016-05-26 (-267 days): CVE-2016-0718 published
  • 2017-02-17: Python issue #29591 reported by Natanael Copa
  • 2017-06-14 (+117 days): commit 86b9537
  • 2017-06-15 (+118 days): commit 8c797ed
  • 2017-07-12 (+145 days): commit 71572bb
  • 2017-07-17 (+150 days): Python 3.6.2 released
  • 2017-08-08 (+172 days): Python 3.5.4 released
  • 2017-08-09 (+173 days): Python 3.4.7 released