CVE-2013-4549
Published: 2013-12-23
Priority: P4 · 22 · medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 3.10% (86.1th percentile)
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qtbase-opensource-src | < qtbase-opensource-src 5.1.1+dfsg-6 (bookworm) | qtbase-opensource-src 5.1.1+dfsg-6 (bookworm) |
| digia | qt | <= 5.1.0 | — |
| qt | qt | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
Ubuntu
Qt vulnerability
vendor_ubuntu·2013-12-17
CVE-2013-4549 Qt vulnerability
Summary: Qt could be made to consume resources and hang if it processed XML data.
It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume large amounts of resources, resulting in a denial of service.
Instructions: After a standard system update you need to restart your session to make all the necessary changes.
Red Hat
QtXML: XML entity expansion denial of service
vendor_redhat·2013-12-05·CVSS 5.0
CVE-2013-4549 [MEDIUM] CWE-611 QtXML: XML entity expansion denial of service
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Debian
CVE-2013-4549: qtbase-opensource-src - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a ...
vendor_debian·2013·CVSS 5.0
CVE-2013-4549 [MEDIUM] CVE-2013-4549: qtbase-opensource-src - QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a ...
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
Scope: local
bookworm: resolved (fixed in 5.1.1+dfsg-6)
bullseye: resolved (fixed in 5.1.1+dfsg-6)
forky: resolved (fixed in 5.1.1+dfsg-6)
sid: resolved (fixed in 5.1.1+dfsg-6)
trixie: resolved (fixed in 5.1.1+dfsg-6)
GHSA
GHSA-73gj-v8wr-fjfj: QXmlSimpleReader in Qt before 5
ghsa_unreviewed·2022-05-13
CVE-2013-4549 [MEDIUM] CWE-20 GHSA-73gj-v8wr-fjfj: QXmlSimpleReader in Qt before 5
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
OSV
CVE-2013-4549: QXmlSimpleReader in Qt before 5
osv·2013-12-23·CVSS 5.0
CVE-2013-4549 [MEDIUM] CVE-2013-4549: QXmlSimpleReader in Qt before 5
QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4549 qtsoap: QtXML: XML entity expansion denial of service [fedora-all]
bugzilla·2014-03-14·CVSS 5.0
CVE-2013-4549 [MEDIUM] CVE-2013-4549 qtsoap: QtXML: XML entity expansion denial of service [fedora-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available.
Please note: this issue
Bugzilla
CVE-2013-4549 qtsoap: QtXML: XML entity expansion denial of service [epel-6]
bugzilla·2014-03-14·CVSS 5.0
CVE-2013-4549 [MEDIUM] CVE-2013-4549 qtsoap: QtXML: XML entity expansion denial of service [epel-6]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.
For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available.
epel-6 tracking bug for
Bugzilla
CVE-2013-4549 QtXML: XML entity expansion denial of service
bugzilla·2013-04-22·CVSS 5.0
CVE-2013-4549 [MEDIUM] CVE-2013-4549 QtXML: XML entity expansion denial of service
Florian Weimer of the Red Hat Product Security Team reported that tSoapMessage::setContent(const QByteArray &) does not initialize the QDomDocument object it uses for XML parsing in such a way that entity expansion does not occur. At the very least, this results in a denial of service vulnerability because this function is used to parse XML data received over the network.
Discussion:
BZ references old Qt tracker as "Qt Bug Tracker", so references added by Florian should be:
https://bugs.kde.org/show_bug.cgi?id=311680
https://bugreports.qt-project.org/browse/QTBUG-29019
---
Furthermore, QtXml has an XML spec compliance issue which causes it to accept this document (well, it tries its best at it):
See:
"
Well-formedness co
References
http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html
http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html
http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
http://secunia.com/advisories/56008
http://secunia.com/advisories/56166
http://www.ubuntu.com/usn/USN-2057-1
https://codereview.qt-project.org/#change%2C71010
https://codereview.qt-project.org/#change%2C71368