New Search

Libxml2 Recursive Entity Evaluation Bug Lets Remote Users Deny Service

oval:org.mitre.oval:def:6496

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
  • VMWare ESX Server 3
Class:
vulnerability
Reference(s):
  • CVE-2008-3281
Product(s):