Описание
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gsoap | fixed | 2.8.135-1 | package | |
| gsoap | no-dsa | bookworm | package | |
| gsoap | postponed | bullseye | package |
Примечания
https://www.genivia.com/advisory.html#Upgrade_recommendation_when_option_-c++11_is_used_to_generate_C++11_source_code
https://www.genivia.com/changelog.html#Version_2.8.133_(03/21/2024)
Fixed by: https://sourceforge.net/p/gsoap2/code/222/
EPSS
Связанные уязвимости
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS.
Уязвимость компонента XML Parser среды разработки программного обеспечения gSOAP, позволяющая нарушителю вызвать отказ в обслуживании
EPSS