Vulnerabilities

CVE-2014-3660

by Fred · 04/11/2014

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

Date published : 2014-11-04

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

Similar

Tags: Cybersecurity Alert