In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:oracle:hospitality_res_3700:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "5.7"
},
{
"last_affected": "5.7.6"
}
],
"vendor_product": "oracle:hospitality_res_3700"
},
{
"cpes": [
"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "8.15.0"
}
],
"vendor_product": "tenable:nessus"
},
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"last_affected": "12.04"
},
{
"last_affected": "14.04"
},
{
"last_affected": "16.04"
},
{
"last_affected": "18.04"
},
{
"last_affected": "18.10"
},
{
"last_affected": "19.04"
}
],
"vendor_product": "canonical:ubuntu_linux"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "8.0"
},
{
"last_affected": "9.0"
}
],
"vendor_product": "debian:debian_linux"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "29"
},
{
"last_affected": "30"
}
],
"vendor_product": "fedoraproject:fedora"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "15.0"
},
{
"last_affected": "15.1"
}
],
"vendor_product": "opensuse:leap"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "12.1.3.0"
},
{
"last_affected": "12.2.1.4.0"
}
],
"vendor_product": "oracle:http_server"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"last_affected": "8.5.4"
},
{
"last_affected": "8.5.5"
}
],
"vendor_product": "oracle:outside_in_technology"
}
]
}{
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.2.7"
}
],
"cpe": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*"
}