First published: Wed Aug 06 2008(Updated: )
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Xmlsoft Libxml2 | =2.4.19 | |
Xmlsoft Libxml2 | =2.6.11 | |
Xmlsoft Libxml2 | =2.6.13 | |
Xmlsoft Libxml2 | =2.6.14 | |
Xmlsoft Libxml2 | =2.6.2 | |
Xmlsoft Libxml2 | <=2.6.32 | |
Xmlsoft Libxml2 | =2.5.11 | |
Xmlsoft Libxml2 | =2.6.1 | |
Xmlsoft Libxml2 | =2.4.23 | |
Xmlsoft Libxml2 | =2.6.12 | |
Xmlsoft Libxml2 | =2.6.0 | |
Xmlsoft Libxml2 | =2.5.4 | |
Xmlsoft Libxml2 | =2.5.10 | |
Xmlsoft Libxml2 | =2.6.3 | |
Apple Safari | <4.0 | |
Apple iPhone OS | >=1.0.0<3.0 | |
Fedoraproject Fedora | =9 | |
Canonical Ubuntu Linux | =6.06 | |
Canonical Ubuntu Linux | =7.04 | |
Canonical Ubuntu Linux | =7.10 | |
Canonical Ubuntu Linux | =8.04 | |
Debian Debian Linux | =4.0 | |
Redhat Enterprise Linux Desktop | =3.0 | |
Redhat Enterprise Linux Desktop | =4.0 | |
Redhat Enterprise Linux Desktop | =5.0 | |
Redhat Enterprise Linux Eus | =4.7 | |
Redhat Enterprise Linux Eus | =5.2 | |
Redhat Enterprise Linux Server | =2.0 | |
Redhat Enterprise Linux Server | =3.0 | |
Redhat Enterprise Linux Server | =4.0 | |
Redhat Enterprise Linux Server | =5.0 | |
Redhat Enterprise Linux Workstation | =2.0 | |
Redhat Enterprise Linux Workstation | =3.0 | |
Redhat Enterprise Linux Workstation | =4.0 | |
Redhat Enterprise Linux Workstation | =5.0 | |
VMware ESX | =2.5.4 | |
VMware ESX | =2.5.5 | |
VMware ESX | =3.0.2 | |
VMware ESX | =3.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.