Required CVE Record Information
Description
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
References 25 Total
- rhn.redhat.com: RHSA-2015:2550 vendor-advisory
- lists.apple.com: APPLE-SA-2016-03-21-5 vendor-advisory
- lists.opensuse.org: openSUSE-SU-2016:0106 vendor-advisory
- https://support.apple.com/HT206167
- https://support.apple.com/HT206168
- debian.org: DSA-3430 vendor-advisory
- https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e
- https://bugzilla.redhat.com/show_bug.cgi?id=1276693
- lists.apple.com: APPLE-SA-2016-03-21-1 vendor-advisory
- http://xmlsoft.org/news.html
- rhn.redhat.com: RHSA-2016:1089 vendor-advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- lists.apple.com: APPLE-SA-2016-03-21-2 vendor-advisory
- ubuntu.com: USN-2834-1 vendor-advisory
- securitytracker.com: 1034243 vdb-entry
- rhn.redhat.com: RHSA-2015:2549 vendor-advisory
- marc.info: HPSBGN03537 vendor-advisory
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- security.gentoo.org: GLSA-201701-37 vendor-advisory
- lists.opensuse.org: openSUSE-SU-2015:2372 vendor-advisory
- lists.apple.com: APPLE-SA-2016-03-21-3 vendor-advisory
- https://support.apple.com/HT206169
- https://support.apple.com/HT206166
- securityfocus.com: 79536 vdb-entry