CVE-2014-3660

First published: Fri Oct 03 2014(Updated: )

IssueDescription: A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Xmlsoft Libxml2	<=2.9.1
Xmlsoft Libxml2	=2.0.0
Xmlsoft Libxml2	=2.1.0
Xmlsoft Libxml2	=2.1.1
Xmlsoft Libxml2	=2.2.0
Xmlsoft Libxml2	=2.2.0-beta
Xmlsoft Libxml2	=2.2.1
Xmlsoft Libxml2	=2.2.2
Xmlsoft Libxml2	=2.2.3
Xmlsoft Libxml2	=2.2.4
Xmlsoft Libxml2	=2.2.5
Xmlsoft Libxml2	=2.2.6
Xmlsoft Libxml2	=2.2.7
Xmlsoft Libxml2	=2.2.8
Xmlsoft Libxml2	=2.2.9
Xmlsoft Libxml2	=2.2.10
Xmlsoft Libxml2	=2.2.11
Xmlsoft Libxml2	=2.3.0
Xmlsoft Libxml2	=2.3.1
Xmlsoft Libxml2	=2.3.2
Xmlsoft Libxml2	=2.3.3
Xmlsoft Libxml2	=2.3.4
Xmlsoft Libxml2	=2.3.5
Xmlsoft Libxml2	=2.3.6
Xmlsoft Libxml2	=2.3.7
Xmlsoft Libxml2	=2.3.8
Xmlsoft Libxml2	=2.3.9
Xmlsoft Libxml2	=2.3.10
Xmlsoft Libxml2	=2.3.11
Xmlsoft Libxml2	=2.3.12
Xmlsoft Libxml2	=2.3.13
Xmlsoft Libxml2	=2.3.14
Xmlsoft Libxml2	=2.4.1
Xmlsoft Libxml2	=2.4.2
Xmlsoft Libxml2	=2.4.3
Xmlsoft Libxml2	=2.4.4
Xmlsoft Libxml2	=2.4.5
Xmlsoft Libxml2	=2.4.6
Xmlsoft Libxml2	=2.4.7
Xmlsoft Libxml2	=2.4.8
Xmlsoft Libxml2	=2.4.9
Xmlsoft Libxml2	=2.4.10
Xmlsoft Libxml2	=2.4.11
Xmlsoft Libxml2	=2.4.12
Xmlsoft Libxml2	=2.4.13
Xmlsoft Libxml2	=2.4.14
Xmlsoft Libxml2	=2.4.15
Xmlsoft Libxml2	=2.4.16
Xmlsoft Libxml2	=2.4.17
Xmlsoft Libxml2	=2.4.18
Xmlsoft Libxml2	=2.4.19
Xmlsoft Libxml2	=2.4.20
Xmlsoft Libxml2	=2.4.21
Xmlsoft Libxml2	=2.4.22
Xmlsoft Libxml2	=2.4.23
Xmlsoft Libxml2	=2.4.24
Xmlsoft Libxml2	=2.4.25
Xmlsoft Libxml2	=2.4.26
Xmlsoft Libxml2	=2.4.27
Xmlsoft Libxml2	=2.4.28
Xmlsoft Libxml2	=2.4.29
Xmlsoft Libxml2	=2.4.30
Xmlsoft Libxml2	=2.5.0
Xmlsoft Libxml2	=2.5.4
Xmlsoft Libxml2	=2.5.7
Xmlsoft Libxml2	=2.5.8
Xmlsoft Libxml2	=2.5.10
Xmlsoft Libxml2	=2.5.11
Xmlsoft Libxml2	=2.6.0
Xmlsoft Libxml2	=2.6.1
Xmlsoft Libxml2	=2.6.2
Xmlsoft Libxml2	=2.6.3
Xmlsoft Libxml2	=2.6.4
Xmlsoft Libxml2	=2.6.5
Xmlsoft Libxml2	=2.6.6
Xmlsoft Libxml2	=2.6.7
Xmlsoft Libxml2	=2.6.8
Xmlsoft Libxml2	=2.6.9
Xmlsoft Libxml2	=2.6.11
Xmlsoft Libxml2	=2.6.12
Xmlsoft Libxml2	=2.6.13
Xmlsoft Libxml2	=2.6.14
Xmlsoft Libxml2	=2.6.16
Xmlsoft Libxml2	=2.6.17
Xmlsoft Libxml2	=2.6.18
Xmlsoft Libxml2	=2.6.20
Xmlsoft Libxml2	=2.6.21
Xmlsoft Libxml2	=2.6.22
Xmlsoft Libxml2	=2.6.23
Xmlsoft Libxml2	=2.6.24
Xmlsoft Libxml2	=2.6.25
Xmlsoft Libxml2	=2.6.26
Xmlsoft Libxml2	=2.6.27
Xmlsoft Libxml2	=2.6.28
Xmlsoft Libxml2	=2.6.29
Xmlsoft Libxml2	=2.6.30
Xmlsoft Libxml2	=2.6.31
Xmlsoft Libxml2	=2.6.32
Xmlsoft Libxml2	=2.7.0
Xmlsoft Libxml2	=2.7.1
Xmlsoft Libxml2	=2.7.2
Xmlsoft Libxml2	=2.7.3
Xmlsoft Libxml2	=2.7.4
Xmlsoft Libxml2	=2.7.5
Xmlsoft Libxml2	=2.7.6
Xmlsoft Libxml2	=2.7.7
Xmlsoft Libxml2	=2.7.8
Xmlsoft Libxml2	=2.8.0
Xmlsoft Libxml2	=2.9.0
Xmlsoft Libxml2	=2.9.0-rc1
Apple Mac OS X	<=10.10.4
Canonical Ubuntu Linux	=10.04
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Debian Debian Linux	=7.0
Redhat Enterprise Linux	=5.0
redhat/libxml2	<2.9.2	2.9.2

Remedy

http://www.openwall.com/lists/oss-security/2014/10/17/7

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2014-3660
agent/software-canonical-lookup
agent/last-modified-date
agent/author
agent/remedy
agent/references
agent/severity
agent/tags
agent/description
agent/event
vendor/xmlsoft
canonical/xmlsoft libxml2
version/xmlsoft libxml2/2.9.1
version/xmlsoft libxml2/2.0.0
version/xmlsoft libxml2/2.1.0
version/xmlsoft libxml2/2.1.1
version/xmlsoft libxml2/2.2.0
version/xmlsoft libxml2/2.2.0-beta
version/xmlsoft libxml2/2.2.1
version/xmlsoft libxml2/2.2.2
version/xmlsoft libxml2/2.2.3
version/xmlsoft libxml2/2.2.4
version/xmlsoft libxml2/2.2.5
version/xmlsoft libxml2/2.2.6
version/xmlsoft libxml2/2.2.7
version/xmlsoft libxml2/2.2.8
version/xmlsoft libxml2/2.2.9
version/xmlsoft libxml2/2.2.10
version/xmlsoft libxml2/2.2.11
version/xmlsoft libxml2/2.3.0
version/xmlsoft libxml2/2.3.1
version/xmlsoft libxml2/2.3.2
version/xmlsoft libxml2/2.3.3
version/xmlsoft libxml2/2.3.4
version/xmlsoft libxml2/2.3.5
version/xmlsoft libxml2/2.3.6
version/xmlsoft libxml2/2.3.7
version/xmlsoft libxml2/2.3.8
version/xmlsoft libxml2/2.3.9
version/xmlsoft libxml2/2.3.10
version/xmlsoft libxml2/2.3.11
version/xmlsoft libxml2/2.3.12
version/xmlsoft libxml2/2.3.13
version/xmlsoft libxml2/2.3.14
version/xmlsoft libxml2/2.4.1
version/xmlsoft libxml2/2.4.2
version/xmlsoft libxml2/2.4.3
version/xmlsoft libxml2/2.4.4
version/xmlsoft libxml2/2.4.5
version/xmlsoft libxml2/2.4.6
version/xmlsoft libxml2/2.4.7
version/xmlsoft libxml2/2.4.8
version/xmlsoft libxml2/2.4.9
version/xmlsoft libxml2/2.4.10
version/xmlsoft libxml2/2.4.11
version/xmlsoft libxml2/2.4.12
version/xmlsoft libxml2/2.4.13
version/xmlsoft libxml2/2.4.14
version/xmlsoft libxml2/2.4.15
version/xmlsoft libxml2/2.4.16
version/xmlsoft libxml2/2.4.17
version/xmlsoft libxml2/2.4.18
version/xmlsoft libxml2/2.4.19
version/xmlsoft libxml2/2.4.20
version/xmlsoft libxml2/2.4.21
version/xmlsoft libxml2/2.4.22
version/xmlsoft libxml2/2.4.23
version/xmlsoft libxml2/2.4.24
version/xmlsoft libxml2/2.4.25
version/xmlsoft libxml2/2.4.26
version/xmlsoft libxml2/2.4.27
version/xmlsoft libxml2/2.4.28
version/xmlsoft libxml2/2.4.29
version/xmlsoft libxml2/2.4.30
version/xmlsoft libxml2/2.5.0
version/xmlsoft libxml2/2.5.4
version/xmlsoft libxml2/2.5.7
version/xmlsoft libxml2/2.5.8
version/xmlsoft libxml2/2.5.10
version/xmlsoft libxml2/2.5.11
version/xmlsoft libxml2/2.6.0
version/xmlsoft libxml2/2.6.1
version/xmlsoft libxml2/2.6.2
version/xmlsoft libxml2/2.6.3
version/xmlsoft libxml2/2.6.4
version/xmlsoft libxml2/2.6.5
version/xmlsoft libxml2/2.6.6
version/xmlsoft libxml2/2.6.7
version/xmlsoft libxml2/2.6.8
version/xmlsoft libxml2/2.6.9
version/xmlsoft libxml2/2.6.11
version/xmlsoft libxml2/2.6.12
version/xmlsoft libxml2/2.6.13
version/xmlsoft libxml2/2.6.14
version/xmlsoft libxml2/2.6.16
version/xmlsoft libxml2/2.6.17
version/xmlsoft libxml2/2.6.18
version/xmlsoft libxml2/2.6.20
version/xmlsoft libxml2/2.6.21
version/xmlsoft libxml2/2.6.22
version/xmlsoft libxml2/2.6.23
version/xmlsoft libxml2/2.6.24
version/xmlsoft libxml2/2.6.25
version/xmlsoft libxml2/2.6.26
version/xmlsoft libxml2/2.6.27
version/xmlsoft libxml2/2.6.28
version/xmlsoft libxml2/2.6.29
version/xmlsoft libxml2/2.6.30
version/xmlsoft libxml2/2.6.31
version/xmlsoft libxml2/2.6.32
version/xmlsoft libxml2/2.7.0
version/xmlsoft libxml2/2.7.1
version/xmlsoft libxml2/2.7.2
version/xmlsoft libxml2/2.7.3
version/xmlsoft libxml2/2.7.4
version/xmlsoft libxml2/2.7.5
version/xmlsoft libxml2/2.7.6
version/xmlsoft libxml2/2.7.7
version/xmlsoft libxml2/2.7.8
version/xmlsoft libxml2/2.8.0
version/xmlsoft libxml2/2.9.0
version/xmlsoft libxml2/2.9.0-rc1
vendor/apple
canonical/apple mac os x
version/apple mac os x/10.10.4
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/10.04
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
vendor/redhat
canonical/redhat enterprise linux
version/redhat enterprise linux/5.0
package-manager/redhat

CVE-2014-3660

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact