Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
EPSS | 0.012 Low |
EPSS Percentile | 85.0% |

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a
denial of service (CPU and memory consumption) via an XML file containing
an entity declaration with long replacement text and many references to
this entity, aka “internal entity expansion” with linear complexity.

Author | Note |
---|---|
jdstrand | PoC in oss-sec |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | libxml2 | < 2.6.31.dfsg-2ubuntu1.12 | UNKNOWN |
ubuntu | 10.04 | noarch | libxml2 | < 2.7.6.dfsg-1ubuntu1.8 | UNKNOWN |
ubuntu | 11.10 | noarch | libxml2 | < 2.7.8.dfsg-4ubuntu0.6 | UNKNOWN |
ubuntu | 12.04 | noarch | libxml2 | < 2.7.8.dfsg-5.1ubuntu4.4 | UNKNOWN |
ubuntu | 12.10 | noarch | libxml2 | < 2.8.0+dfsg1-5ubuntu2.2 | UNKNOWN |