CVE-2013-0338

CWE-119 — Buffer Overflow9 documents8 sources

Severity

4.3MEDIUM

EPSS

0.7%

top 28.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Canonical Ubuntu Linux Opensuse Opensuse

Timeline

PublishedApr 25

Latest updateMay 5

Description

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Debianlibxml2< 2.8.0+dfsg1-7+nmu1+3

▶NVDxmlsoft/libxml22.9.0+124

▶NVDopensuse/opensuse12.1, 12.2, 12.3+2

Also affects: Ubuntu Linux 10.04, 11.10, 12.04, 12.10, 8.04

🔴Vulnerability Details

GHSA

GHSA-pvmp-h985-7qh3: libxml2 2↗2022-05-05

▶

CVEList

CVE-2013-0338: libxml2 2↗2013-04-25

▶

OSV

CVE-2013-0338: libxml2 2↗2013-04-25

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerability↗2013-03-28

▶

Red Hat

libxml2: CPU consumption DoS when performing string substitutions during entities expansion↗2013-02-19

▶

Debian

CVE-2013-0338: libxml2 - libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial o...↗2013

▶

💬Community

Bugzilla

CVE-2013-0338 libxml2: CPU consumption DoS when performing string substitutions during entities expansion↗2013-02-18

▶