CVE-2019-1010017

Name of the Vulnerable Software and Affected Versions: libnmap versions prior to 0.6.3

Description: The issue is related to an XML injection vulnerability, similar to a Billion-Laughs style attack. This vulnerability can lead to a denial of service (DoS) by consuming resources. The component affected is the XML parsing functionality. The attack vector involves a specially crafted XML payload.

Recommendations: For versions prior to 0.6.3, update to version 0.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XML parsing component to minimize the risk of exploitation. Avoid using the NmapParser() function with untrusted XML inputs until the issue is resolved.