Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD89709E58-D497-11E3-A3D5-5453ED2E2B49
HistoryDec 05, 2013 - 12:00 a.m.

qt4-xml -- XML Entity Expansion Denial of Service

2013-12-0500:00:00
vuxml.freebsd.org
8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON

Richard J. Moore reports:

QXmlSimpleReader in Qt versions prior to 5.2 supports
expansion of internal entities in XML documents without
placing restrictions to ensure the document does not cause
excessive memory usage. If an application using this API
processes untrusted data then the application may use
unexpected amounts of memory if a malicious document is
processed.
It is possible to construct XML documents using internal
entities that consume large amounts of memory and other
resources to process, this is known as the ‘Billion Laughs’
attack. Qt versions prior to 5.2 did not offer protection
against this issue.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchqt4-xml< 4.8.6UNKNOWN

Related

openvas 30
nessus 17
fedora 14
mageia 3
securityvulns 2
gentoo 1
cve 1
prion 1
debiancve 1
ubuntu 1
ubuntucve 1
openvas
openvas
Fedora Update for qt5-qtbase FEDORA-2014-5680
2014-05-12 00:00:00
Fedora Update for qt3 FEDORA-2013-22847
2014-02-03 00:00:00
Fedora Update for qt5-qtbase FEDORA-2014-5710
2014-05-12 00:00:00
nessus
nessus
FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)
2014-05-06 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)
2013-12-18 00:00:00
Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)
2014-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: qt5-qtbase-5.2.1-8.fc19
2014-05-06 03:32:31
[SECURITY] Fedora 19 Update: qt3-3.3.8b-56.fc19
2014-01-23 11:11:04
[SECURITY] Fedora 20 Update: qt3-3.3.8b-56.fc20
2014-01-23 11:18:08
mageia
mageia
Updated qt5 packages fix security vulnerability.
2014-03-03 23:58:12
Updated qt4 package fixes security vulnerability
2014-01-17 04:20:35
Updated qt3 packages fix security vulnerabilities
2014-06-18 22:02:44
securityvulns
securityvulns
QT resources exhaustion
2013-12-24 00:00:00
[USN-2057-1] Qt vulnerability
2013-12-24 00:00:00
gentoo
gentoo
QtCore: Denial of service
2014-03-13 00:00:00
cve
cve
CVE-2013-4549
2013-12-23 22:55:00
prion
prion
Code injection
2013-12-23 22:55:00
debiancve
debiancve
CVE-2013-4549
2013-12-23 22:55:00
ubuntu
ubuntu
Qt vulnerability
2013-12-17 00:00:00
ubuntucve
ubuntucve
CVE-2013-4549
2013-12-05 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.7%

JSON
Related for 89709E58-D497-11E3-A3D5-5453ED2E2B49
openvas30nessus17fedora14mageia3securityvulns2gentoo1cve1prion1debiancve1ubuntu1ubuntucve1