CVE-2003-1564

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.5.0 libxml2-devel versions prior to 2.5.0 libxml2-python versions prior to 2.5.0

Description The issue concerns multiple vulnerabilities in the libxml2 package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, libxml2 does not properly detect recursion during entity expansion, allowing context-dependent attackers to cause a denial of service via a crafted XML document containing a large number of nested entity references, also known as the "billion laughs attack."

Recommendations For libxml2 versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. For libxml2-devel versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. For libxml2-python versions prior to 2.5.0, update to version 2.5.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of XML documents to prevent the "billion laughs attack" until a patch is available.