Libxml2 Entities Expansion CVE-2013-0339 Denial of Service Vulnerability
BID:59000
Info
| Bugtraq ID: | 59000 |
| Class: | Unknown |
| CVE: | CVE-2013-0339 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 26 2013 12:00AM |
| Updated: | Mar 19 2015 09:15AM |
| Credit: | Reported by the vendor. |
| Vulnerable: | XMLSoft Libxml2: 2.7.8, 2.7.7, 2.7.6, 2.7.5, 2.7.4, 2.7.3, 2.7.2, 2.7.1, 2.7, 2.6.32, 2.6.31, 2.6.30, 2.6.27, 2.6.26, 2.6.22, 2.6.20, 2.6.18, 2.6.17, 2.6.16, 2.6.15, 2.6.14, 2.6.13, 2.6.12, 2.6.11, 2.6.9, 2.6.8, 2.6.7, 2.6.6, 2.6.5, 2.6.4, 2.6.3, 2.6.2, 2.6.1, 2.6.0, 2.5.11, 2.5.10, 2.5.8, 2.5.7, 2.5.4, 2.5.1, 2.5.0, 2.4.30, 2.4.29, 2.4.28, 2.4.27, 2.4.26, 2.4.25, 2.4.24, 2.4.23, 2.4.22, 2.4.21, 2.4.20, 2.4.19, 2.4.18, 2.4.17, 2.4.16, 2.4.15, 2.4.14, 2.4.13, 2.4.12, 2.4.11, 2.4.10, 2.4.9, 2.4.8, 2.4.7, 2.4.6, 2.4.5, 2.4.4, 2.4.3, 2.4.2, 2.4.1, 2.3.14, 2.3.13, 2.3.12, 2.3.11, 2.3.10, 2.3.8, 2.3.7, 2.3.6, 2.3.5, 2.3.4, 2.3.3, 2.3.2, 2.3.1, 2.3.0, 2.2.11, 2.2.10, 2.2.9, 2.2.8, 2.2.7, 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, 2.2.1, 2.2.0, 2.2 beta, 2.1.1, 2.1.0, 2.0.0, 1.8.16, 1.8.14, 1.8.13, 1.8.10, 1.8.9, 1.8.7, 1.8.6, 1.8.5, 1.8.4, 1.8.3, 1.8.1, 1.7.4, 1.7.3, 1.7.2, 1.7.1, 1.7; Ubuntu Ubuntu Linux 12.04 LTS: i386, amd64; Ubuntu Ubuntu Linux 10.04: sparc, powerpc, i386, ARM, amd64; SuSE SUSE Linux Enterprise Server 10 SP3 LTSS; Gentoo Linux; Debian Linux 6.0: sparc, s/390, powerpc, mips, ia-64, ia-32, arm, amd64 |
| Not Vulnerable: | |
Discussion
Libxml2 is prone to a denial-of-service vulnerability.
Successful exploits will allow attackers to consume large amounts of memory and cause a crash through a specially crafted XML document containing malicious attributes.
Note: This issue was previously covered in BID 58180 (Libxml2 Entity Expansion Multiple Denial of Service Vulnerabilities), but has been given its own record to better document it.
Exploit / POC
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- CVE-2013-0339 libxml2: CPU consumption DoS and other effects when performing str (Red Hat Bugzilla)
- CVEs for libxml2 and expat internal and external XML entity expansion (SECLISTS)
- libxml2 Commit (xmlsoft)
- libxml2 Homepage (xmlsoft)