QwikSec

Security Database

CVE

CWE

Training

CVE-2003-1564

Published: Sep 2, 2008

Modified: Aug 8, 2024

PUBLISHED

Description

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

http://xmlsoft.org/news.html

x_refsource_MISC

[xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services

mailing-list

x_refsource_MLIST

http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2

x_refsource_MISC

[xml] 20080820 Security fix for libxml2

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.