← Back

CVE-2014-3660

nvd nist
Published: Nov 4, 2014Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

Affected (116)

Products: Xmlsoft: Libxml2 · Apple: Mac Os X · Canonical: Ubuntu Linux · +2 more
Show all products
Xmlsoft: Libxml2 · Apple: Mac Os X · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Enterprise Linux
Xmlsoft
1 product
Libxml2
Apple
1 product
Mac Os X
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Redhat
1 product
Enterprise Linux
Configuration A
110 vulnerable
Vulnerable SoftwareAffected Versions
Xmlsoft
Libxml2
Up to 2.9.1
Libxml2
Version 2.0.0
Libxml2
Version 2.1.0
Libxml2
Version 2.1.1
Libxml2
Version 2.2.0
Libxml2
Version 2.2.0 beta
Libxml2
Version 2.2.10
Libxml2
Version 2.2.11
Libxml2
Version 2.2.1
Libxml2
Version 2.2.2
Libxml2
Version 2.2.3
Libxml2
Version 2.2.4
Libxml2
Version 2.2.5
Libxml2
Version 2.2.6
Libxml2
Version 2.2.7
Libxml2
Version 2.2.8
Libxml2
Version 2.2.9
Libxml2
Version 2.3.0
Libxml2
Version 2.3.10
Libxml2
Version 2.3.11
Libxml2
Version 2.3.12
Libxml2
Version 2.3.13
Libxml2
Version 2.3.14
Libxml2
Version 2.3.1
Libxml2
Version 2.3.2
Libxml2
Version 2.3.3
Libxml2
Version 2.3.4
Libxml2
Version 2.3.5
Libxml2
Version 2.3.6
Libxml2
Version 2.3.7
Libxml2
Version 2.3.8
Libxml2
Version 2.3.9
Libxml2
Version 2.4.10
Libxml2
Version 2.4.11
Libxml2
Version 2.4.12
Libxml2
Version 2.4.13
Libxml2
Version 2.4.14
Libxml2
Version 2.4.15
Libxml2
Version 2.4.16
Libxml2
Version 2.4.17
Libxml2
Version 2.4.18
Libxml2
Version 2.4.19
Libxml2
Version 2.4.1
Libxml2
Version 2.4.20
Libxml2
Version 2.4.21
Libxml2
Version 2.4.22
Libxml2
Version 2.4.23
Libxml2
Version 2.4.24
Libxml2
Version 2.4.25
Libxml2
Version 2.4.26
Libxml2
Version 2.4.27
Libxml2
Version 2.4.28
Libxml2
Version 2.4.29
Libxml2
Version 2.4.2
Libxml2
Version 2.4.30
Libxml2
Version 2.4.3
Libxml2
Version 2.4.4
Libxml2
Version 2.4.5
Libxml2
Version 2.4.6
Libxml2
Version 2.4.7
Libxml2
Version 2.4.8
Libxml2
Version 2.4.9
Libxml2
Version 2.5.0
Libxml2
Version 2.5.10
Libxml2
Version 2.5.11
Libxml2
Version 2.5.4
Libxml2
Version 2.5.7
Libxml2
Version 2.5.8
Libxml2
Version 2.6.0
Libxml2
Version 2.6.11
Libxml2
Version 2.6.12
Libxml2
Version 2.6.13
Libxml2
Version 2.6.14
Libxml2
Version 2.6.16
Libxml2
Version 2.6.17
Libxml2
Version 2.6.18
Libxml2
Version 2.6.1
Libxml2
Version 2.6.20
Libxml2
Version 2.6.21
Libxml2
Version 2.6.22
Libxml2
Version 2.6.23
Libxml2
Version 2.6.24
Libxml2
Version 2.6.25
Libxml2
Version 2.6.26
Libxml2
Version 2.6.27
Libxml2
Version 2.6.28
Libxml2
Version 2.6.29
Libxml2
Version 2.6.2
Libxml2
Version 2.6.30
Libxml2
Version 2.6.31
Libxml2
Version 2.6.32
Libxml2
Version 2.6.3
Libxml2
Version 2.6.4
Libxml2
Version 2.6.5
Libxml2
Version 2.6.6
Libxml2
Version 2.6.7
Libxml2
Version 2.6.8
Libxml2
Version 2.6.9
Libxml2
Version 2.7.0
Libxml2
Version 2.7.1
Libxml2
Version 2.7.2
Libxml2
Version 2.7.3
Libxml2
Version 2.7.4
Libxml2
Version 2.7.5
Libxml2
Version 2.7.6
Libxml2
Version 2.7.7
Libxml2
Version 2.7.8
Libxml2
Version 2.8.0
Libxml2
Version 2.9.0
Libxml2
Version 2.9.0 rc1
Configuration B
6 vulnerable
Vulnerable SoftwareAffected Versions
Mac Os X
Up to 10.10.4
Canonical
Ubuntu Linux
Version 10.04
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Debian Linux
Version 7.0
Enterprise Linux
Version 5.0

References (46)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Patch
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Vendor Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.