CVE-2008-3281

Published: 27 August 2008

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Priority

Medium

Status

Package: libxml2 (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (2.7.1)
Patches:
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=314860

Notes

Author: kees
Note: earlier patches broke ABI (https://bugzilla.redhat.com/show_bug.cgi?id=459830)
USN-644-1 updates this fix to match upstream patches.

References