CVE-2021-40439

Description

Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted XML files. ODF files consist of a set of XML files. All versions of Apache OpenOffice up to 4.1.10 are subject to this issue. expat in version 4.1.11 is patched.

Related CPE's

a apache openoffice ********

References

https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E

Mailing ListVendor Advisory

[announce] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs

Mailing ListVendor Advisory

[openoffice-users] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs

Mailing ListVendor Advisory

[oss-security] 20211007 CVE-2021-40439: Apache OpenOffice: Billion Laughs

Mailing ListThird Party Advisory

CvssV3 impact

BaseSeverity	MEDIUM
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	6.5
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version	3.1
UserInteraction	REQUIRED

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	NONE
AvailabilityImpact	PARTIAL
IntegrityImpact	NONE
BaseScore	4.3
VectorString	AV:N/AC:M/Au:N/C:N/I:N/A:P
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io