FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml2 -- cpu consumption Dos

Affected packages
libxml2 < 2.8.0

Details

VuXML ID 843a4641-9816-11e2-9c51-080027019be0
Discovery 2013-02-21
Entry 2013-03-29

Kurt Seifried reports:

libxml2 is affected by the expansion of internal entities (which can be used to consume resources) and external entities (which can cause a denial of service against other services, be used to port scan, etc.)..

[source]

References

CVE Name CVE-2013-0338
CVE Name CVE-2013-0339
URL http://seclists.org/oss-sec/2013/q1/391
URL https://security-tracker.debian.org/tracker/CVE-2013-0338
URL https://security-tracker.debian.org/tracker/CVE-2013-0339

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.