NVD

Id
74634  
Name
CVE-2003-1564  
Description
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-03  
Published
2003-12-31  
Modified Date
2008-10-24  
Seq
2003-1564  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
383069 74634 CVE-2003-1564 [xml] 20080820 Security fix for libxml2  View
383070 74634 CVE-2003-1564 http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2  View
383071 74634 CVE-2003-1564 RHSA-2008:0886  View
383072 74634 CVE-2003-1564 [xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services  View
383073 74634 CVE-2003-1564 http://xmlsoft.org/news.html  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
63665 JVNDB-2003-000398 libxml2 の XML ドキュメント処理におけるサービス運用妨害 (DoS) の脆弱性 libxml2 には、エンティティ拡張の処理に不備があるため、サービス運用妨害 (DoS) の脆弱性が存在します。 CVE-2003-1564 8387 CVE-2003-1564 74634 9.3 http://jvndb.jvn.jp/ja/contents/2003/JVNDB-2003-000398.html 2003-12-31 2009-02-20 View