FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-0338

This CVE name corresponds to:

Entered Topic
2013-03-29 libxml2 -- cpu consumption DoS

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-0338
Phase Assigned (20121206)

Description

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

References

Source Reference
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=912400
CONFIRM https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
DEBIAN DSA-2652
HP HPSBGN03302
HP SSRT101996
MANDRIVA MDVSA-2013:056
SUSE openSUSE-SU-2013:0552
SUSE openSUSE-SU-2013:0555
SUSE SUSE-SU-2013:1627
UBUNTU USN-1782-1
SECUNIA 52662
SECUNIA 55568