Lucene search

K
archlinuxArch LinuxASA-201410-12
HistoryOct 24, 2014 - 12:00 a.m.

libxml2: Denial of service

2014-10-2400:00:00
Arch Linux
lists.archlinux.org
22

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

88.6%

Daniel Berrange discovered that libxml2 incorrectly performs entity
substitution in the doctype prolog, even if the application using
libxml2 disabled any entity substitution. A remote attacker could
provide a specially crafted XML file that, when processed, leads to the
exhaustion of CPU and memory resources or file descriptors.

OSVersionArchitecturePackageVersionFilename
anyanyanylibxml2< 2.9.2-1UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

88.6%