Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2003-1564

Published: 31/12/2003 Updated: 02/02/2024
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Xmlsoft

Vulnerability Summary

libxml2, possibly prior to 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xmlsoft libxml2

Vendor Advisories

Debian CVElist Bug Report Logs: libxml2: CVE-2021-3541: Exponential entity expansion attack bypasses all existing protection mechanisms
Debian Bug report logs - #988603 libxml2: CVE-2021-3541: Exponential entity expansion attack bypasses all existing protection mechanisms Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: ...
Debian CVElist Bug Report Logs: snakeyaml: CVE-2017-18640
Debian Bug report logs - #952683 snakeyaml: CVE-2017-18640 Package: src:snakeyaml; Maintainer for src:snakeyaml is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 27 Feb 2020 14:21:02 UTC Severity: important Tags: security, upstr ...
Debian CVElist Bug Report Logs: qtbase-opensource-src: CVE-2015-9541
Debian Bug report logs - #951066 qtbase-opensource-src: CVE-2015-9541 Package: src:qtbase-opensource-src; Maintainer for src:qtbase-opensource-src is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 10 Feb 2020 15:27:01 UTC Severity: importan ...

References

CWE-776http://mail.gnome.org/archives/xml/2008-August/msg00034.htmlhttp://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2http://xmlsoft.org/news.htmlhttp://www.redhat.com/support/errata/RHSA-2008-0886.htmlhttp://secunia.com/advisories/31868http://www.stylusstudio.com/xmldev/200302/post20020.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988603
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook