Back to search
CVE-2009-2473
Published: Aug 21, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[neon] 20090818 neon: release 0.28.6 (SECURITY)
mailing-list
x_refsource_MLIST
oval:org.mitre.oval:def:9461
vdb-entry
signature
x_refsource_OVAL
http://support.apple.com/kb/HT4435
x_refsource_CONFIRM
SUSE-SR:2009:018
vendor-advisory
x_refsource_SUSE
ADV-2009-2341
vdb-entry
x_refsource_VUPEN
MDVSA-2009:221
vendor-advisory
x_refsource_MANDRIVA
APPLE-SA-2010-11-10-1
vendor-advisory
x_refsource_APPLE
RHSA-2013:0131
vendor-advisory
x_refsource_REDHAT
36371
third-party-advisory
x_refsource_SECUNIA
FEDORA-2009-8815
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-8794
vendor-advisory
x_refsource_FEDORA
neon-xml-dos(52633)
vdb-entry
x_refsource_XF
[neon] 20090818 CVE-2009-2473: fix for "billion laughs" attack against expat
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now