FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml2 -- Possible denial of service

Affected packages
libxml2 < 2.9.10_4

Details

VuXML ID 524bd03a-bb75-11eb-bf35-080027f515ea
Discovery 2021-05-18
Entry 2021-05-23

Daniel Veillard reports:

A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.

[source]

References

CVE Name CVE-2021-3541
URL https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e
URL https://ubuntu.com/security/CVE-2021-3541

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.