Description
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
Release | Status | Note |
---|---|---|
devel | released | 2.9.1+dfsg1-4ubuntu1 |
esm-infra-legacy/trusty | released | 2.9.1+dfsg1-3ubuntu4.4 |
lucid | released | 2.7.6.dfsg-1ubuntu1.15 |
precise | released | 2.7.8.dfsg-5.1ubuntu4.11 |
trusty | released | 2.9.1+dfsg1-3ubuntu4.4 |
trusty/esm | released | 2.9.1+dfsg1-3ubuntu4.4 |
upstream | released | 2.9.2 |
utopic | released | 2.9.1+dfsg1-4ubuntu1 |
EPSS
5 Medium
CVSS2
Related vulnerabilities
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
parser.c in libxml2 before 2.9.2 does not properly prevent entity expa ...