Bug #1722

Vulnerability in libxml2 allows denial of service

Added by Leonardo Arena about 6 years ago. Updated about 6 years ago.

Status: Closed
Priority: High
Assignee: -
Category: Security
Target version:
Start date: 03/26/2013
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339

If entities expansion in the XML parser is asked for,
it is possible to craft a relatively small input document leading
to excessive on-the-fly content generation.
This patch accounts for those replacements and stops parsing
after a given threshold. It can be bypassed as usual with the
HUGE parser option.

Patch: https://git.gnome.org/browse/libxml2/patch/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
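
The accounting idea in the description, as a simplified Python sketch added here for illustration; it is not libxml2's code or the patch linked above. The regex-based DTD handling, the function names and the 10,000-character default limit are assumptions of this example.

```python
import re

ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+"([^"]*)"\s*>')
ENTITY_REF = re.compile(r'&([\w.-]+);')


class ExpansionLimitExceeded(Exception):
    """Raised when replacement text would push the document past the limit."""


def expanded_length(text, entities, limit, cache, stack=()):
    """Length of `text` after entity replacement, computed by arithmetic only.

    Nothing is ever expanded in memory; `limit=None` disables the check,
    mirroring the opt-out the ticket describes for the HUGE option.
    """
    total = len(text)
    for ref in ENTITY_REF.finditer(text):
        name = ref.group(1)
        if name not in entities:
            continue  # predefined or undeclared: already counted in len(text)
        if name in stack:
            raise ValueError(f"entity reference loop through &{name};")
        if name not in cache:
            cache[name] = expanded_length(
                entities[name], entities, limit, cache, stack + (name,))
        total += cache[name] - len(ref.group(0))
        if limit is not None and total > limit:
            raise ExpansionLimitExceeded(f"more than {limit} characters after expansion")
    return total


def check_document(doc, limit=10_000):
    """Expanded size of the body; raises when replacements push it past `limit`."""
    entities = {}
    for name, value in ENTITY_DECL.findall(doc):
        entities.setdefault(name, value)  # first declaration of a name wins
    end = doc.find("]>")
    body = doc[end + 2:] if end != -1 else doc
    return expanded_length(body, entities, limit, {})


# Constructed sample: three nesting levels, ten references per level.
SAMPLE = ('<!DOCTYPE r [<!ENTITY a "0123456789">'
          '<!ENTITY b "' + "&a;" * 10 + '">'
          '<!ENTITY c "' + "&b;" * 10 + '">]><r>&c;</r>')

if __name__ == "__main__":
    print(len(SAMPLE), "characters in,", check_document(SAMPLE), "after expansion")
```

Because each entity's size is computed once and cached, the check costs time proportional to the input size even when the expanded size grows exponentially with nesting depth.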


Subtasks

Bug #1723: Vulnerability in libxml2 allows denial of service (Closed)

Bug #1724: Vulnerability in libxml2 allows denial of service (Closed)

Bug #1725: Vulnerability in libxml2 allows denial of service (Closed)

Bug #1726: Vulnerability in libxml2 allows denial of service (Closed)

History

#2 Updated by Natanael Copa about 6 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
