Описание
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory.
Отчет
Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libxml2.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libxml2 | Will not fix | ||
| Red Hat Enterprise Linux 6 | libxml2 | Fixed | RHSA-2015:1419 | 20.07.2015 |
| Red Hat Enterprise Linux 7 | libxml2 | Fixed | RHSA-2015:2550 | 07.12.2015 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.6 Low
CVSS2
Связанные уязвимости
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
The xmlreader in libxml allows remote attackers to cause a denial of s ...
ELSA-2015-1419: libxml2 security and bug fix update (LOW)
EPSS
2.6 Low
CVSS2