CVE-2009-2473
Published: 21 August 2009
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Notes
Author | Note |
---|---|
jdstrand | neon, neon26 and neon27 are all built with libxml2 and not expat |
Priority
Status
Package | Release | Status |
---|---|---|
neon (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
neon | dapper | Not vulnerable |
neon | hardy | Does not exist |
neon | intrepid | Does not exist |
neon | jaunty | Does not exist |
neon26 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
neon26 | dapper | Does not exist |
neon26 | hardy | Not vulnerable |
neon26 | intrepid | Not vulnerable |
neon26 | jaunty | Not vulnerable |
neon27 (Launchpad, Ubuntu, Debian) | upstream | Needs triage |
neon27 | dapper | Does not exist |
neon27 | hardy | Not vulnerable |
neon27 | intrepid | Not vulnerable |
neon27 | jaunty | Not vulnerable |