CVE-2013-0339

CWE-264 | 8 documents | 8 sources
Severity
6.8 MEDIUM
EPSS
1.8%
top 17.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 21
Latest update: May 5

Description

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expans

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

Debian: libxml2 < 2.8.0+dfsg1-7+nmu1 (+3)
NVD: xmlsoft/libxml2 2.9.1 (+125)

Also affects: Debian Linux 6.0, 7.0, Ubuntu Linux 10.04, 12.04, 12.10, 13.04

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-4qgp-72gr-jfg9: libxml2 through 2 (2022-05-05)
OSV
CVE-2013-0339: libxml2 through 2 (2014-01-21)
CVEList
CVE-2013-0339: libxml2 through 2 (2014-01-21)

📋 Vendor Advisories (3)

Ubuntu
libxml2 vulnerabilities (2013-07-15)
Red Hat
libxml2: CPU consumption DoS and other effects when performing string substitutions during external entities expansion (2013-02-19)
Debian
CVE-2013-0339: libxml2 - libxml2 through 2.9.1 does not properly handle external entities expansion unles... (2013)

💬 Community (1)

Bugzilla
CVE-2013-0339 libxml2: CPU consumption DoS and other effects when performing string substitutions during external entities expansion (2013-02-25)