CVE-2013-0338
N/A
N/A
Summary
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/52662
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=912400
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html
- http://marc.info/?l=bugtraq&m=142798889927587&w=2
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.debian.org/security/2013/dsa-2652
- http://marc.info/?l=bugtraq&m=142798889927587&w=2
- http://secunia.com/advisories/55568
- https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
- http://www.ubuntu.com/usn/USN-1782-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
References
- http://secunia.com/advisories/52662
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=912400
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html
- http://marc.info/?l=bugtraq&m=142798889927587&w=2
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.debian.org/security/2013/dsa-2652
- http://marc.info/?l=bugtraq&m=142798889927587&w=2
- http://secunia.com/advisories/55568
- https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
- http://www.ubuntu.com/usn/USN-1782-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.