製品・ソフトウェアに関する情報

JVN脆弱性詳細

Expat の readfilemap.c におけるサービス運用妨害 (ファイル記述子の消費) の脆弱性

Title	Expat の readfilemap.c におけるサービス運用妨害 (ファイル記述子の消費) の脆弱性
Summary	Expat の readfilemap.c には、サービス運用妨害 (ファイル記述子の消費) 状態となる脆弱性が存在します。
Possible impacts	攻撃者により、大量の巧妙に細工された XML ファイルを介して、サービス運用妨害 (ファイル記述子の消費) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 24, 2012, midnight
Registration Date	July 5, 2012, 11:18 a.m.
Last Update	Dec. 15, 2015, 3:21 p.m.

Affected System

アップル

Apple Mac OS X 10.11

Apple Mac OS X 10.11.1

Expat

Expat 2.1.0 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-1147	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1147
National Vulnerability Database (NVD)
2	CVE-2012-1147	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1147

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apple Mailing Lists
1	APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html
Apple Security Updates
2	HT205637	https://support.apple.com/en-us/HT205637
Apple セキュリティアップデート
3	HT205637	http://support.apple.com/ja-jp/HT205637
Expat
4	Top Page	http://www.libexpat.org/
SourceForge
5	Diff of /expat/xmlwf/readfilemap.c	http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15
6	expat 2.1.0	http://sourceforge.net/projects/expat/files/expat/2.1.0/
7	found a resource leak - ID: 2895533	http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127

その他

No	Name	URL
JVN
1	JVNVU#97526033	http://jvn.jp/vu/JVNVU97526033/

Change Log

No	Changed Details	Date of change
0	[2012年07月05日] 掲載 [2015年12月15日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：アップル (APPLE-SA-2015-12-08-3 OS X El Capitan 10.11.2 and Security Update 2015-008) を追加ベンダ情報：アップル (HT205637) を追加参考情報：JVN (JVNVU#97526033) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-1147

Summary	readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
Publication Date	July 4, 2012, 4:55 a.m.
Registration Date	Jan. 26, 2021, 10:40 a.m.
Last Update	Nov. 21, 2024, 10:36 a.m.

Affected software configurations

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:libexpat_project:libexpat:1.95.1:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.2:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.4:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.5:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.6:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.7:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.8:::::::*
cpe:2.3:a:libexpat_project:libexpat:2.0.0:::::::*
cpe:2.3:a:libexpat_project:libexpat::::::::		2.0.1

Related information, measures and tools

No	URL	タグ
1	http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15
2	http://expat.cvs.sourceforge.net/viewvc/expat/expat/xmlwf/readfilemap.c?r1=1.14&r2=1.15
3	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Vendor Advisory
4	http://lists.apple.com/archives/security-announce/2015/Dec/msg00005.html	Vendor Advisory
5	http://sourceforge.net/projects/expat/files/expat/2.1.0/
6	http://sourceforge.net/projects/expat/files/expat/2.1.0/
7	http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127
8	http://sourceforge.net/tracker/?func=detail&aid=2895533&group_id=10127&atid=110127
9	http://trac.wxwidgets.org/ticket/11194
10	http://trac.wxwidgets.org/ticket/11194
11	http://trac.wxwidgets.org/ticket/11432
12	http://trac.wxwidgets.org/ticket/11432
13	http://www.securityfocus.com/bid/52379
14	http://www.securityfocus.com/bid/52379
15	http://www.securitytracker.com/id/1034344
16	http://www.securitytracker.com/id/1034344
17	https://support.apple.com/HT205637	Vendor Advisory
18	https://support.apple.com/HT205637	Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:libexpat_project:libexpat:1.95.1:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.2:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.4:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.5:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.6:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.7:::::::*
cpe:2.3:a:libexpat_project:libexpat:1.95.8:::::::*
cpe:2.3:a:libexpat_project:libexpat:2.0.0:::::::*
cpe:2.3:a:libexpat_project:libexpat::::::::		2.0.1