Multiple Vulnerabilities within libexpat (CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22825, CVE-2022-23990)

Brocade Fabric OS

2 more products

24611

06 August 2024

30 July 2024

CLOSED

LOW

Varies

CVE-2018-20843, CVE-2019-15903, CVE-2021-46143, CVE-2022-22825, CVE-2022-23990

Brocade Security Advisory ID

BSA-2024-1960

Component

libexpat

Summary

CVE-2018-20843
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Base CVSS score: 7.5   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-15903
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Base CVSS score: 7.5   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-46143
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Base CVSS score: 7.8   CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-22825
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Base CVSS score: 8.8   CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Base CVSS score: 7.5   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
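As a triage aid for anyone checking their own libexpat build against this advisory, here is an added example (not part of the Brocade advisory) that maps a libexpat version to the CVEs above using the fixed-version thresholds quoted in each summary. It compares version components numerically, because "2.2.10" sorts before "2.2.7" as text, and reads the XML_MAJOR_VERSION, XML_MINOR_VERSION and XML_MICRO_VERSION macros that libexpat's expat.h defines; the expat.h snippet below is constructed sample input.

```python
import re
from typing import Dict, List, Tuple

# First fixed libexpat release for each CVE, taken from the advisory text
# ("before 2.2.7" means 2.2.7 is the first release that is not affected).
FIXED_IN: Dict[str, str] = {
    "CVE-2018-20843": "2.2.7",
    "CVE-2019-15903": "2.2.8",
    "CVE-2021-46143": "2.4.3",
    "CVE-2022-22825": "2.4.3",
    "CVE-2022-23990": "2.4.4",
}

# Constructed sample of the three version macros as they appear in expat.h.
SAMPLE_EXPAT_H = """
#define XML_MAJOR_VERSION 2
#define XML_MINOR_VERSION 2
#define XML_MICRO_VERSION 10
"""


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '2.2.10' into (2, 2, 10) so each component compares as a number.

    Comparing the raw strings would be wrong: '2.2.10' < '2.2.7' as text,
    but 2.2.10 is the newer release.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad to three components so that 2.4 and 2.4.0 compare equal.
    return parts + (0,) * (3 - len(parts))


def affected_cves(libexpat_version: str) -> List[str]:
    """Return the advisory CVEs that still apply to the given libexpat version."""
    have = parse_version(libexpat_version)
    return [cve for cve, fixed in FIXED_IN.items() if have < parse_version(fixed)]


def expat_version_from_header(expat_h_text: str) -> str:
    """Assemble 'major.minor.micro' from the version macros in an expat.h file."""
    found: List[str] = []
    for name in ("XML_MAJOR_VERSION", "XML_MINOR_VERSION", "XML_MICRO_VERSION"):
        m = re.search(rf"#define\s+{name}\s+(\d+)", expat_h_text)
        if not m:
            raise ValueError(f"{name} not found in expat.h")
        found.append(m.group(1))
    return ".".join(found)
```

At runtime the same version is available from libexpat's XML_ExpatVersion() call, so the check can also be run against the library actually linked into a binary rather than the header it was built from.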


Products Affected

Brocade Fabric OS versions after v9.0 contain the vulnerable code; however, these CVEs are not exploitable within the product [VEX Justification: Inline_mitigations_already_exist]

Products Not Affected

Brocade Fabric OS versions before v9.0, including Fabric OS v8.2.3x
[VEX Justification: Component_not_present]

All versions of Brocade SANnav
[VEX Justification: Vulnerable_code_not_in_execute_path]

All Brocade ASCG versions v2.1 and later
[VEX Justification: Vulnerable_code_not_present]

Solution

Security updates for all CVEs listed above are provided in Brocade Fabric OS versions v9.1.1d2, v9.2.0b1, v9.2.1 and all later versions.

Revision History

Version  Change               Date
1.0      Initial Publication  July 30, 2024

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.