Nixpkgs security tracker

Permalink CVE-2018-25282

6.2 MEDIUM

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 4 weeks, 1 day ago by @LeSuisse Activity log

Created suggestion 4 weeks, 1 day ago
@LeSuisse dismissed 4 weeks, 1 day ago

Nmap 7.70 Denial of Service via XML Entity Expansion

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.

References

ExploitDB-45357 exploit
Product Reference product
VulnCheck Advisory: Nmap 7.70 Denial of Service via XML Entity Expansion third-party-advisory

Affected products

ZenMap

==7.70

Matching in nixpkgs

pkgs.zenmap

Offical nmap Security Scanner GUI

nixos-unstable 7.99
- nixpkgs-unstable 7.99
- nixos-unstable-small 7.99
nixos-25.11 7.98
- nixos-25.11-small 7.98
- nixpkgs-25.11-darwin 7.98

Package maintainers

@dvaerum Dennis Værum <nixpkgs-maintainer@varum.dk>
@mymindstorm Brendan Early <mymindstorm@evermiss.net>

Current stable release was never impacted

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.zenmap

Package maintainers