Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-2188
Last Modified 28 Jun 2011 12:00:00
Published 20 Jun 2011 10:52:43
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2188

Summary

LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Systems

Application

  • Matthewwild Luaexpat 1.0

  • Matthewwild Luaexpat 1.0.1

  • Matthewwild Luaexpat 1.0.2

  • Matthewwild Luaexpat 1.1.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=711027

XF - luaexpat-xml-dos(67862)

BID - 48123

SECUNIA - 44866

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629225

MLIST - [oss-security] 20110606 CVE Request -- LuaExpat -- Prone to XML "billion laughs attack"

MLIST - [oss-security] 20110606 Re: CVE Request -- LuaExpat -- Prone to XML "billion laughs attack"


Last Updated: 27 May 2016 10:53:52