libxml2 - Denial of Service Vulnerability

2008-10-02T00:00:00
ID EDB-ID:32454
Type exploitdb
Reporter Christian Weiske
Modified 2008-10-02T00:00:00

Description

libxml2 Denial of Service Vulnerability. CVE-2008-4409. DoS exploit for Unix platform.

source: http://www.securityfocus.com/bid/31555/info

The libxml2 library is prone to a denial-of-service vulnerability caused by an error when handling files using entities in entity definitions.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

The issue affects libxml2 2.7 prior to 2.7.2. 

XML file:

<?xml version='1.0' ?>
<!DOCTYPE test [
<!ENTITY ampproblem '&amp;'>
]>
<t a="&ampproblem;">a</t>
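
A pre-parse screen for the condition described above, as an added example that is not part of the original advisory or of libxml2. It uses Python's expat bindings (a separate parser) to list internal entities whose definitions contain references, and refuses such documents while the linked libxml2 is in the affected range. The function names, the policy and both sample documents are assumptions constructed for illustration.

```python
import re
from xml.parsers import expat

# Affected range as stated on this page: libxml2 2.7 prior to 2.7.2.
AFFECTED_FROM, FIXED_IN = (2, 7, 0), (2, 7, 2)

# A general entity reference or character reference left in replacement text.
REFERENCE = re.compile(r"&(?:#[0-9]+|#x[0-9A-Fa-f]+|[A-Za-z_:][\w.:-]*);")

# Constructed sample: an entity whose definition uses the predefined entity amp.
NESTED_SAMPLE = b"""<?xml version='1.0' ?>
<!DOCTYPE test [
<!ENTITY ampproblem '&amp;'>
]>
<t a="&ampproblem;">a</t>
"""
# Constructed benign sample: an entity whose definition holds plain text only.
BENIGN_SAMPLE = b"""<!DOCTYPE t [<!ENTITY plain 'text'>]><t a="&plain;">a</t>"""


def libxml2_affected(version):
    """True when a (major, minor, patch) tuple falls in the affected range."""
    return AFFECTED_FROM <= tuple(version) < FIXED_IN


def nested_entity_decls(data):
    """Return (name, value) for internal entities defined using references."""
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # value is None for external entities; only internal ones carry text.
        if value is not None and REFERENCE.search(value):
            found.append((name, value))

    parser = expat.ParserCreate()
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(data, True)  # raises expat.ExpatError on malformed input
    return found


def must_reject(data, libxml2_version):
    """Policy: refuse such documents only while the linked libxml2 is affected."""
    if not libxml2_affected(libxml2_version):
        return False
    try:
        return bool(nested_entity_decls(data))
    except expat.ExpatError:
        return True  # do not pass malformed input to an affected parser
```

The screen is a stopgap for hosts that cannot yet move to libxml2 2.7.2 or later; upgrading removes the need for it.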