Computer Security
[EN] securityvulns.ru no-pyccku


libxml DoS
Published:27.10.2014
Source:
SecurityVulns ID:14055
Type:library
Threat Level:
5/10
Description:Resources exhaustion on XML parsing.
Affected:LIBXML : libxml 2.7
CVE:CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.)
Original documentdocumentMANDRIVA, [ MDVSA-2014:204 ] libxml2 (27.10.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod