QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0340

Published: Jan 21, 2014

Modified: Nov 25, 2025

PUBLISHED

Description

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Vendor	Product	Versions
Unknown	libexpat	affected `0 - < 2.4.0`

References

[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion

mailing-list

x_refsource_MLIST

[oss-security] 20130413 Re-evaluating expat/libxml2 CVE assignments

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_GENTOO

vdb-entry

x_refsource_BID

https://support.apple.com/kb/HT212805

x_refsource_CONFIRM

https://support.apple.com/kb/HT212804

x_refsource_CONFIRM

https://support.apple.com/kb/HT212807

x_refsource_CONFIRM

https://support.apple.com/kb/HT212819

x_refsource_CONFIRM

https://support.apple.com/kb/HT212814

x_refsource_CONFIRM

https://support.apple.com/kb/HT212815

x_refsource_CONFIRM

20210921 APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15

mailing-list

x_refsource_FULLDISC

20210921 APPLE-SA-2021-09-20-2 watchOS 8

mailing-list

x_refsource_FULLDISC

20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

mailing-list

x_refsource_FULLDISC

20210921 APPLE-SA-2021-09-20-3 tvOS 15

mailing-list

x_refsource_FULLDISC

20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8

mailing-list

x_refsource_FULLDISC

20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6

mailing-list

x_refsource_FULLDISC

[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs

mailing-list

x_refsource_MLIST

[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs

mailing-list

x_refsource_MLIST

[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs

mailing-list

x_refsource_MLIST

20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8

mailing-list

x_refsource_FULLDISC

20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15

mailing-list

x_refsource_FULLDISC

20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15

mailing-list

x_refsource_FULLDISC

Expat 2.4.0 and 2.4.1 Changelog

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.