PT-2009-4880 · Neon+1 · Neon+1
Publicado
2009-08-21
·
Atualizado
2017-09-19
·
CVE-2009-2473
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
neon versions prior to 0.28.6
Description
The issue allows context-dependent attackers to cause a denial of service due to memory and CPU consumption via a crafted XML document containing a large number of nested entity references. This occurs because neon does not properly detect recursion during entity expansion when expat is used.
Recommendations
For versions prior to 0.28.6, update to version 0.28.6 or later to resolve the issue.
Exploit
Correção
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Red Hat
Neon