Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2003-1564
Last Modified: 24 Oct 2008 12:30:02
Published: 31 Dec 2003 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2003-1564

Summary

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Vulnerable Systems

Application

  • Xmlsoft Libxml2 1.7.0

  • Xmlsoft Libxml2 1.7.1

  • Xmlsoft Libxml2 1.7.2

  • Xmlsoft Libxml2 1.7.3

  • Xmlsoft Libxml2 1.7.4

  • Xmlsoft Libxml2 1.8.0

  • Xmlsoft Libxml2 1.8.1

  • Xmlsoft Libxml2 1.8.10

  • Xmlsoft Libxml2 1.8.13

  • Xmlsoft Libxml2 1.8.14

  • Xmlsoft Libxml2 1.8.16

  • Xmlsoft Libxml2 1.8.2

  • Xmlsoft Libxml2 1.8.3

  • Xmlsoft Libxml2 1.8.4

  • Xmlsoft Libxml2 1.8.5

  • Xmlsoft Libxml2 1.8.6

  • Xmlsoft Libxml2 1.8.7

  • Xmlsoft Libxml2 1.8.9

  • Xmlsoft Libxml2 2.0.0

  • Xmlsoft Libxml2 2.1.0

  • Xmlsoft Libxml2 2.1.1

  • Xmlsoft Libxml2 2.2.0

  • Xmlsoft Libxml2 2.2.1

  • Xmlsoft Libxml2 2.2.10

  • Xmlsoft Libxml2 2.2.11

  • Xmlsoft Libxml2 2.2.2

  • Xmlsoft Libxml2 2.2.3

  • Xmlsoft Libxml2 2.2.4

  • Xmlsoft Libxml2 2.2.5

  • Xmlsoft Libxml2 2.2.6

  • Xmlsoft Libxml2 2.2.7

  • Xmlsoft Libxml2 2.2.8

  • Xmlsoft Libxml2 2.2.9

  • Xmlsoft Libxml2 2.3.0

  • Xmlsoft Libxml2 2.3.1

  • Xmlsoft Libxml2 2.3.10

  • Xmlsoft Libxml2 2.3.11

  • Xmlsoft Libxml2 2.3.12

  • Xmlsoft Libxml2 2.3.13

  • Xmlsoft Libxml2 2.3.14

  • Xmlsoft Libxml2 2.3.2

  • Xmlsoft Libxml2 2.3.3

  • Xmlsoft Libxml2 2.3.4

  • Xmlsoft Libxml2 2.3.5

  • Xmlsoft Libxml2 2.3.6

  • Xmlsoft Libxml2 2.3.7

  • Xmlsoft Libxml2 2.3.8

  • Xmlsoft Libxml2 2.3.9

  • Xmlsoft Libxml2 2.4.1

  • Xmlsoft Libxml2 2.4.10

  • Xmlsoft Libxml2 2.4.11

  • Xmlsoft Libxml2 2.4.12

  • Xmlsoft Libxml2 2.4.13

  • Xmlsoft Libxml2 2.4.14

  • Xmlsoft Libxml2 2.4.15

  • Xmlsoft Libxml2 2.4.16

  • Xmlsoft Libxml2 2.4.17

  • Xmlsoft Libxml2 2.4.18

  • Xmlsoft Libxml2 2.4.19

  • Xmlsoft Libxml2 2.4.2

  • Xmlsoft Libxml2 2.4.20

  • Xmlsoft Libxml2 2.4.21

  • Xmlsoft Libxml2 2.4.22

  • Xmlsoft Libxml2 2.4.23

  • Xmlsoft Libxml2 2.4.24

  • Xmlsoft Libxml2 2.4.25

  • Xmlsoft Libxml2 2.4.26

  • Xmlsoft Libxml2 2.4.27

  • Xmlsoft Libxml2 2.4.28

  • Xmlsoft Libxml2 2.4.29

  • Xmlsoft Libxml2 2.4.3

  • Xmlsoft Libxml2 2.4.30

  • Xmlsoft Libxml2 2.4.4

  • Xmlsoft Libxml2 2.4.5

  • Xmlsoft Libxml2 2.4.6

  • Xmlsoft Libxml2 2.4.7

  • Xmlsoft Libxml2 2.4.8

  • Xmlsoft Libxml2 2.4.9

  • Xmlsoft Libxml2 2.5.0


References

MISC - http://xmlsoft.org/news.html

MLIST - [xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services

REDHAT - RHSA-2008:0886

MISC - http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2

SECUNIA - 31868

MLIST - [xml] 20080820 Security fix for libxml2


Last Updated: 27 May 2016 10:38:24