Lucene search

K
freebsdFreeBSD9C7177FF-1FE1-11E5-9A01-BCAEC565249C
HistoryApr 14, 2015 - 12:00 a.m.

libxml2 -- Enforce the reader to run in constant memory

2015-04-1400:00:00
vuxml.freebsd.org
22

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.025

Percentile

90.1%

Daniel Veilland reports:

Enforce the reader to run in constant memory. One of the
operation on the reader could resolve entities leading to
the classic expansion issue. Make sure the buffer used for
xmlreader operation is bounded. Introduce a new allocation
type for the buffers for this effect.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS

0.025

Percentile

90.1%