Ubuntu.comUB:CVE-2021-4249CVE-2021-4249
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
49.7%
A vulnerability was found in xml-conduit. It has been classified as
problematic. Affected is an unknown function of the file
xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity
Expansion Handler. The manipulation leads to infinite loop. It is possible
to launch the attack remotely. Upgrading to version 1.9.1.0 is able to
address this issue. The name of the patch is
4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the
affected component. The identifier of this vulnerability is VDB-216204.
Notes
| Author | Note |
|---|---|
| eslerm | CVE possibly assigned based on commit message |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | haskell-xml-conduit | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | haskell-xml-conduit | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | haskell-xml-conduit | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | haskell-xml-conduit | < any | UNKNOWN |
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
49.7%