Name of the Vulnerable Software and Affected Versions Zend Framework 2 (affected versions not specified)

Description The issue concerns XML Entity Expansion (XEE) attacks, which can lead to Denial Of Service attacks against a host's RAM. This occurs because there is no current method of disabling custom entities in PHP, defined internal to the XML document without using external entities. A long entity can be defined and then referred to multiple times in document elements, creating a memory sink. The use of the LIBXML NOENT or equivalent option can amplify the impact. Additionally, libxml2's innate defense against related Exponential or Billion Laugh's XEE attacks is active only so long as the LIBXML PARSEHUGE is NOT set.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.