5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.025 Low
EPSS
Percentile
89.9%
Daniel Veilland reports:
Enforce the reader to run in constant memory. One of the
operation on the reader could resolve entities leading to
the classic expansion issue. Make sure the buffer used for
xmlreader operation is bounded. Introduce a new allocation
type for the buffers for this effect.