First published: Fri Oct 03 2014(Updated: )
IssueDescription: A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libxml2 | <2.9.2 | 2.9.2 |
libxml2-devel | <=2.9.1 | |
libxml2-devel | =2.0.0 | |
libxml2-devel | =2.1.0 | |
libxml2-devel | =2.1.1 | |
libxml2-devel | =2.2.0 | |
libxml2-devel | =2.2.0-beta | |
libxml2-devel | =2.2.1 | |
libxml2-devel | =2.2.2 | |
libxml2-devel | =2.2.3 | |
libxml2-devel | =2.2.4 | |
libxml2-devel | =2.2.5 | |
libxml2-devel | =2.2.6 | |
libxml2-devel | =2.2.7 | |
libxml2-devel | =2.2.8 | |
libxml2-devel | =2.2.9 | |
libxml2-devel | =2.2.10 | |
libxml2-devel | =2.2.11 | |
libxml2-devel | =2.3.0 | |
libxml2-devel | =2.3.1 | |
libxml2-devel | =2.3.2 | |
libxml2-devel | =2.3.3 | |
libxml2-devel | =2.3.4 | |
libxml2-devel | =2.3.5 | |
libxml2-devel | =2.3.6 | |
libxml2-devel | =2.3.7 | |
libxml2-devel | =2.3.8 | |
libxml2-devel | =2.3.9 | |
libxml2-devel | =2.3.10 | |
libxml2-devel | =2.3.11 | |
libxml2-devel | =2.3.12 | |
libxml2-devel | =2.3.13 | |
libxml2-devel | =2.3.14 | |
libxml2-devel | =2.4.1 | |
libxml2-devel | =2.4.2 | |
libxml2-devel | =2.4.3 | |
libxml2-devel | =2.4.4 | |
libxml2-devel | =2.4.5 | |
libxml2-devel | =2.4.6 | |
libxml2-devel | =2.4.7 | |
libxml2-devel | =2.4.8 | |
libxml2-devel | =2.4.9 | |
libxml2-devel | =2.4.10 | |
libxml2-devel | =2.4.11 | |
libxml2-devel | =2.4.12 | |
libxml2-devel | =2.4.13 | |
libxml2-devel | =2.4.14 | |
libxml2-devel | =2.4.15 | |
libxml2-devel | =2.4.16 | |
libxml2-devel | =2.4.17 | |
libxml2-devel | =2.4.18 | |
libxml2-devel | =2.4.19 | |
libxml2-devel | =2.4.20 | |
libxml2-devel | =2.4.21 | |
libxml2-devel | =2.4.22 | |
libxml2-devel | =2.4.23 | |
libxml2-devel | =2.4.24 | |
libxml2-devel | =2.4.25 | |
libxml2-devel | =2.4.26 | |
libxml2-devel | =2.4.27 | |
libxml2-devel | =2.4.28 | |
libxml2-devel | =2.4.29 | |
libxml2-devel | =2.4.30 | |
libxml2-devel | =2.5.0 | |
libxml2-devel | =2.5.4 | |
libxml2-devel | =2.5.7 | |
libxml2-devel | =2.5.8 | |
libxml2-devel | =2.5.10 | |
libxml2-devel | =2.5.11 | |
libxml2-devel | =2.6.0 | |
libxml2-devel | =2.6.1 | |
libxml2-devel | =2.6.2 | |
libxml2-devel | =2.6.3 | |
libxml2-devel | =2.6.4 | |
libxml2-devel | =2.6.5 | |
libxml2-devel | =2.6.6 | |
libxml2-devel | =2.6.7 | |
libxml2-devel | =2.6.8 | |
libxml2-devel | =2.6.9 | |
libxml2-devel | =2.6.11 | |
libxml2-devel | =2.6.12 | |
libxml2-devel | =2.6.13 | |
libxml2-devel | =2.6.14 | |
libxml2-devel | =2.6.16 | |
libxml2-devel | =2.6.17 | |
libxml2-devel | =2.6.18 | |
libxml2-devel | =2.6.20 | |
libxml2-devel | =2.6.21 | |
libxml2-devel | =2.6.22 | |
libxml2-devel | =2.6.23 | |
libxml2-devel | =2.6.24 | |
libxml2-devel | =2.6.25 | |
libxml2-devel | =2.6.26 | |
libxml2-devel | =2.6.27 | |
libxml2-devel | =2.6.28 | |
libxml2-devel | =2.6.29 | |
libxml2-devel | =2.6.30 | |
libxml2-devel | =2.6.31 | |
libxml2-devel | =2.6.32 | |
libxml2-devel | =2.7.0 | |
libxml2-devel | =2.7.1 | |
libxml2-devel | =2.7.2 | |
libxml2-devel | =2.7.3 | |
libxml2-devel | =2.7.4 | |
libxml2-devel | =2.7.5 | |
libxml2-devel | =2.7.6 | |
libxml2-devel | =2.7.7 | |
libxml2-devel | =2.7.8 | |
libxml2-devel | =2.8.0 | |
libxml2-devel | =2.9.0 | |
libxml2-devel | =2.9.0-rc1 | |
Apple iOS and macOS | <=10.10.4 | |
Ubuntu | =10.04 | |
Ubuntu | =12.04 | |
Ubuntu | =14.04 | |
Debian | =7.0 | |
Red Hat Enterprise Linux | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-3660 is classified as a denial of service vulnerability that can lead to excessive CPU consumption.
To fix CVE-2014-3660, update the libxml2 library to version 2.9.2 or later.
CVE-2014-3660 affects various versions of the libxml2 library, particularly those prior to version 2.9.2.
Yes, CVE-2014-3660 can be exploited by a remote attacker using a specially crafted XML file.
If exploited, CVE-2014-3660 can lead to a denial of service, causing applications to consume excessive CPU resources.