CVE-2014-3660

Published: 04/11/2014 Updated: 08/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

parser.c in libxml2 prior to 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

Vulnerable Product

xmlsoft libxml2 2.8.0

xmlsoft libxml2 2.2.10

xmlsoft libxml2 2.2.11

xmlsoft libxml2 2.2.8

xmlsoft libxml2 2.2.9

xmlsoft libxml2 2.3.2

xmlsoft libxml2 2.3.3

xmlsoft libxml2 2.4.1

xmlsoft libxml2 2.4.10

xmlsoft libxml2 2.4.17

xmlsoft libxml2 2.4.18

xmlsoft libxml2 2.4.25

xmlsoft libxml2 2.4.26

xmlsoft libxml2 2.4.5

xmlsoft libxml2 2.4.6

xmlsoft libxml2 2.5.4

xmlsoft libxml2 2.5.7

xmlsoft libxml2 2.6.16

xmlsoft libxml2 2.6.17

xmlsoft libxml2 2.6.24

xmlsoft libxml2 2.6.25

xmlsoft libxml2 2.6.31

xmlsoft libxml2 2.6.32

xmlsoft libxml2 2.6.4

xmlsoft libxml2 2.7.1

xmlsoft libxml2 2.7.2

xmlsoft libxml2 2.9.0

xmlsoft libxml2 2.1.1

xmlsoft libxml2 2.2.0

xmlsoft libxml2 2.2.4

xmlsoft libxml2 2.2.5

xmlsoft libxml2 2.3.10

xmlsoft libxml2 2.3.11

xmlsoft libxml2 2.3.6

xmlsoft libxml2 2.3.7

xmlsoft libxml2 2.4.13

xmlsoft libxml2 2.4.14

xmlsoft libxml2 2.4.20

xmlsoft libxml2 2.4.21

xmlsoft libxml2 2.4.22

xmlsoft libxml2 2.4.29

xmlsoft libxml2 2.4.3

xmlsoft libxml2 2.4.9

xmlsoft libxml2 2.5.0

xmlsoft libxml2 2.6.11

xmlsoft libxml2 2.6.12

xmlsoft libxml2 2.6.20

xmlsoft libxml2 2.6.21

xmlsoft libxml2 2.6.28

xmlsoft libxml2 2.6.29

xmlsoft libxml2 2.6.7

xmlsoft libxml2 2.6.8

xmlsoft libxml2 2.7.5

xmlsoft libxml2 2.7.6

xmlsoft libxml2 2.0.0

xmlsoft libxml2 2.1.0

xmlsoft libxml2 2.2.2

xmlsoft libxml2 2.2.3

xmlsoft libxml2 2.3.0

xmlsoft libxml2 2.3.1

xmlsoft libxml2 2.3.4

xmlsoft libxml2 2.3.5

xmlsoft libxml2 2.4.11

xmlsoft libxml2 2.4.12

xmlsoft libxml2 2.4.19

xmlsoft libxml2 2.4.2

xmlsoft libxml2 2.4.27

xmlsoft libxml2 2.4.28

xmlsoft libxml2 2.4.7

xmlsoft libxml2 2.4.8

xmlsoft libxml2 2.5.8

xmlsoft libxml2 2.6.0

xmlsoft libxml2 2.6.1

xmlsoft libxml2 2.6.18

xmlsoft libxml2 2.6.2

xmlsoft libxml2 2.6.26

xmlsoft libxml2 2.6.27

xmlsoft libxml2 2.6.5

xmlsoft libxml2 2.6.6

xmlsoft libxml2 2.7.3

xmlsoft libxml2 2.7.4

xmlsoft libxml2

xmlsoft libxml2 2.2.1

xmlsoft libxml2 2.2.6

xmlsoft libxml2 2.2.7

xmlsoft libxml2 2.3.12

xmlsoft libxml2 2.3.13

xmlsoft libxml2 2.3.14

xmlsoft libxml2 2.3.8

xmlsoft libxml2 2.3.9

xmlsoft libxml2 2.4.15

xmlsoft libxml2 2.4.16

xmlsoft libxml2 2.4.23

xmlsoft libxml2 2.4.24

xmlsoft libxml2 2.4.30

xmlsoft libxml2 2.4.4

xmlsoft libxml2 2.5.10

xmlsoft libxml2 2.5.11

xmlsoft libxml2 2.6.13

xmlsoft libxml2 2.6.14

xmlsoft libxml2 2.6.22

xmlsoft libxml2 2.6.23

xmlsoft libxml2 2.6.3

xmlsoft libxml2 2.6.30

xmlsoft libxml2 2.6.9

xmlsoft libxml2 2.7.0

xmlsoft libxml2 2.7.7

xmlsoft libxml2 2.7.8

redhat enterprise linux 5.0

debian debian linux 7.0

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

canonical ubuntu linux 10.04

apple mac os x

Vendor Advisories

libxml2 could be made to consume resources if it processed a specially crafted file ...
Debian Bug report logs - #765722: CVE-2014-3660 libxml2 billion laugh variant. Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2; Reported by: Thijs Kinkhorst <thijs@debian.org> Date: Fri, 17 Oct 2014 ...
Debian Bug report logs - #782782: libxml2: CVE-2015-1819: denial of service processing a crafted XML document. Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 17 Apr 2015 19:39:02 UT ...
Debian Bug report logs - #782985: libxml2: parsing an unclosed comment can result in `Conditional jump or move depends on uninitialised value(s)` and unsafe memory access. Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso & ...
Debian Bug report logs - #783010: libxml2: out-of-bounds read. Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 20 Apr 2015 15:27:02 UTC Severity: normal Tags: fixed-upstream, jessie ...
A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entit ...

Github Repositories

A mwe for a segfault that crashes Nokogiri for us

Nokogiri Segfault. This crashes on our a little bit outdated CentOS system. I could not reproduce it on a Debian Wheezy. Earliest version that crashes is 162rc1, up to latest 1662. Stack trace says this line causes the segmentation fault. System: uname -a: Linux systemxflavoursyslan 3183 #2 SMP Thu Jan 22 14:56:25 CET 2015 x86_64 x86_64 x86_64 GNU/Linux

Recent Articles

Apple TV can p0wn you in more ways than it entertains you
The Register • Darren Pauli • 26 Feb 2016

Thirty-three fixes flung at Cupertino's telly-enhancer

Apple has patched 33 problems, collectively named in 58 CVEs, in its latest TV-enhancing computer-puck, of which 10 enable arbitrary code execution, six with system privileges. 32 of the flaws hit third-generation Apple TV devices and just one its newer, fatter, fourth-gen beast. The good news is that the changes will automagically appear for those users with automatic updates turned on. The rest are susceptible to nasties like a memory corruption flaw (CVE-2015-5776) that allows remote attacker...