Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-3660
Description:parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
Test IDs: 1.3.6.1.4.1.25623.1.0.871272   1.3.6.1.4.1.25623.1.0.882067   1.3.6.1.4.1.25623.1.0.703057   1.3.6.1.4.1.25623.1.0.868410   1.3.6.1.4.1.25623.1.0.842014   1.3.6.1.4.1.25623.1.0.868508   1.3.6.1.4.1.25623.1.0.120429   1.3.6.1.4.1.25623.1.0.121292   1.3.6.1.4.1.25623.1.0.123279   1.3.6.1.4.1.25623.1.0.123052   1.3.6.1.4.1.25623.1.0.123243   1.3.6.1.4.1.25623.1.0.123148   1.3.6.1.4.1.25623.1.0.122794   1.3.6.1.4.1.25623.1.1.4.2015.0003.1   1.3.6.1.4.1.25623.1.1.4.2014.1440.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-3660
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
BugTraq ID: 70644
http://www.securityfocus.com/bid/70644
Debian Security Information: DSA-3057 (Google Search)
http://www.debian.org/security/2014/dsa-3057
http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
https://bugzilla.redhat.com/attachment.cgi?id=944444&action=diff
https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
http://www.openwall.com/lists/oss-security/2014/10/17/7
RedHat Security Advisories: RHSA-2014:1655
http://rhn.redhat.com/errata/RHSA-2014-1655.html
RedHat Security Advisories: RHSA-2014:1885
http://rhn.redhat.com/errata/RHSA-2014-1885.html
http://secunia.com/advisories/59903
http://secunia.com/advisories/61965
http://secunia.com/advisories/61966
http://secunia.com/advisories/61991
SuSE Security Announcement: openSUSE-SU-2014:1330 (Google Search)
http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html
SuSE Security Announcement: openSUSE-SU-2015:2372 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
http://www.ubuntu.com/usn/USN-2389-1




© 1998-2024 E-Soft Inc. All rights reserved.