FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

texproc/expat2 -- billion laugh attack

Affected packages
expat < 2.4.1


VuXML ID 5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9
Discovery 2013-02-21
Entry 2021-05-24

Kurt Seifried reports:

So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities (which can be used to consume resources) and external entities (which can cause a denial of service against other services, be used to port scan, etc.).

A billion laughs attack is a type of denial-of-service attack which is aimed at parsers of XML documents.


CVE Name CVE-2013-0340