Description
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
References (42)
Scores
CVSS v3
6.5
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-776
Status
published
Products (26)
apple/iphone_os
1.0.0 - 3.0
apple/safari
< 4.0
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
7.04
canonical/ubuntu_linux
7.10
canonical/ubuntu_linux
8.04
debian/debian_linux
4.0
fedoraproject/fedora
9
redhat/enterprise_linux_desktop
3.0
redhat/enterprise_linux_desktop
4.0
... and 16 more
Published
Aug 27, 2008
Tracked Since
Feb 18, 2026