CVE-2003-1564
published 2003-12-31

Priority: P4 16 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.62% (73.1st percentile)
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Affected

414 ranges · showing 25

Vendor            Product                                      Version range          Fixed in
apache            apr-util                                     < 1.3.7                1.3.7
apache            apr-util                                     >= 0 < 1.3.7+dfsg-1    1.3.7+dfsg-1
apache            apr-util                                     >= 0 < 1.3.7+dfsg-1    1.3.7+dfsg-1
apache            apr-util                                     >= 0 < 1.3.7+dfsg-1    1.3.7+dfsg-1
apache            apr-util                                     >= 0 < 1.3.7+dfsg-1    1.3.7+dfsg-1
apache            http_server                                  >= 2.2.0 < 2.2.12      2.2.12
apple             mac_os_x                                     < 10.6.2               10.6.2
apple             mac_os_x                                     < 10.6.8               10.6.8
apple             mac_os_x                                     >= 10.7.0 < 10.7.2     10.7.2
apple             mac_os_x_server                              < 10.6.8               10.6.8
apple             mac_os_x_server                              >= 10.7.0 < 10.7.2     10.7.2
brad_fitzpatrick  djabberd                                     <= 0.84
brad_fitzpatrick  djabberd
brad_fitzpatrick  djabberd
brad_fitzpatrick  djabberd
brad_fitzpatrick  djabberd
canonical         ubuntu_linux
canonical         ubuntu_linux
canonical         ubuntu_linux
canonical         ubuntu_linux
cisco             jabber_extensible_communications_platform    <= 5.8
cisco             jabber_extensible_communications_platform    <= 5.4
cisco             jabber_extensible_communications_platform
cisco             jabber_extensible_communications_platform
cisco             jabber_extensible_communications_platform

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     6.5    MEDIUM    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd            v2.0     9.3    CRITICAL  AV:N/AC:M/Au:N/C:C/I:C/A:C
ghsa                    6.5    MEDIUM
osv                     6.5    MEDIUM
vendor_msrc             7.5    HIGH
vendor_debian           6.5    LOW
vendor_redhat           6.5    MEDIUM