4.3

CVE-2013-0338

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version <= 2.9.0
XmlsoftLibxml2 Version1.7.0
XmlsoftLibxml2 Version1.7.1
XmlsoftLibxml2 Version1.7.2
XmlsoftLibxml2 Version1.7.3
XmlsoftLibxml2 Version1.7.4
XmlsoftLibxml2 Version1.8.0
XmlsoftLibxml2 Version1.8.1
XmlsoftLibxml2 Version1.8.2
XmlsoftLibxml2 Version1.8.3
XmlsoftLibxml2 Version1.8.4
XmlsoftLibxml2 Version1.8.5
XmlsoftLibxml2 Version1.8.6
XmlsoftLibxml2 Version1.8.7
XmlsoftLibxml2 Version1.8.9
XmlsoftLibxml2 Version1.8.10
XmlsoftLibxml2 Version1.8.13
XmlsoftLibxml2 Version1.8.14
XmlsoftLibxml2 Version1.8.16
XmlsoftLibxml2 Version2.0.0
XmlsoftLibxml2 Version2.1.0
XmlsoftLibxml2 Version2.1.1
XmlsoftLibxml2 Version2.2.0
XmlsoftLibxml2 Version2.2.0 Updatebeta
XmlsoftLibxml2 Version2.2.1
XmlsoftLibxml2 Version2.2.2
XmlsoftLibxml2 Version2.2.3
XmlsoftLibxml2 Version2.2.4
XmlsoftLibxml2 Version2.2.5
XmlsoftLibxml2 Version2.2.6
XmlsoftLibxml2 Version2.2.7
XmlsoftLibxml2 Version2.2.8
XmlsoftLibxml2 Version2.2.9
XmlsoftLibxml2 Version2.2.10
XmlsoftLibxml2 Version2.2.11
XmlsoftLibxml2 Version2.3.0
XmlsoftLibxml2 Version2.3.1
XmlsoftLibxml2 Version2.3.2
XmlsoftLibxml2 Version2.3.3
XmlsoftLibxml2 Version2.3.4
XmlsoftLibxml2 Version2.3.5
XmlsoftLibxml2 Version2.3.6
XmlsoftLibxml2 Version2.3.7
XmlsoftLibxml2 Version2.3.8
XmlsoftLibxml2 Version2.3.9
XmlsoftLibxml2 Version2.3.10
XmlsoftLibxml2 Version2.3.11
XmlsoftLibxml2 Version2.3.12
XmlsoftLibxml2 Version2.3.13
XmlsoftLibxml2 Version2.3.14
XmlsoftLibxml2 Version2.4.1
XmlsoftLibxml2 Version2.4.2
XmlsoftLibxml2 Version2.4.3
XmlsoftLibxml2 Version2.4.4
XmlsoftLibxml2 Version2.4.5
XmlsoftLibxml2 Version2.4.6
XmlsoftLibxml2 Version2.4.7
XmlsoftLibxml2 Version2.4.8
XmlsoftLibxml2 Version2.4.9
XmlsoftLibxml2 Version2.4.10
XmlsoftLibxml2 Version2.4.11
XmlsoftLibxml2 Version2.4.12
XmlsoftLibxml2 Version2.4.13
XmlsoftLibxml2 Version2.4.14
XmlsoftLibxml2 Version2.4.15
XmlsoftLibxml2 Version2.4.16
XmlsoftLibxml2 Version2.4.17
XmlsoftLibxml2 Version2.4.18
XmlsoftLibxml2 Version2.4.19
XmlsoftLibxml2 Version2.4.20
XmlsoftLibxml2 Version2.4.21
XmlsoftLibxml2 Version2.4.22
XmlsoftLibxml2 Version2.4.23
XmlsoftLibxml2 Version2.4.24
XmlsoftLibxml2 Version2.4.25
XmlsoftLibxml2 Version2.4.26
XmlsoftLibxml2 Version2.4.27
XmlsoftLibxml2 Version2.4.28
XmlsoftLibxml2 Version2.4.29
XmlsoftLibxml2 Version2.4.30
XmlsoftLibxml2 Version2.5.0
XmlsoftLibxml2 Version2.5.4
XmlsoftLibxml2 Version2.5.7
XmlsoftLibxml2 Version2.5.8
XmlsoftLibxml2 Version2.5.10
XmlsoftLibxml2 Version2.5.11
XmlsoftLibxml2 Version2.6.0
XmlsoftLibxml2 Version2.6.1
XmlsoftLibxml2 Version2.6.2
XmlsoftLibxml2 Version2.6.3
XmlsoftLibxml2 Version2.6.4
XmlsoftLibxml2 Version2.6.5
XmlsoftLibxml2 Version2.6.6
XmlsoftLibxml2 Version2.6.7
XmlsoftLibxml2 Version2.6.8
XmlsoftLibxml2 Version2.6.9
XmlsoftLibxml2 Version2.6.11
XmlsoftLibxml2 Version2.6.12
XmlsoftLibxml2 Version2.6.13
XmlsoftLibxml2 Version2.6.14
XmlsoftLibxml2 Version2.6.16
XmlsoftLibxml2 Version2.6.17
XmlsoftLibxml2 Version2.6.18
XmlsoftLibxml2 Version2.6.20
XmlsoftLibxml2 Version2.6.21
XmlsoftLibxml2 Version2.6.22
XmlsoftLibxml2 Version2.6.23
XmlsoftLibxml2 Version2.6.24
XmlsoftLibxml2 Version2.6.25
XmlsoftLibxml2 Version2.6.26
XmlsoftLibxml2 Version2.6.27
XmlsoftLibxml2 Version2.6.28
XmlsoftLibxml2 Version2.6.29
XmlsoftLibxml2 Version2.6.30
XmlsoftLibxml2 Version2.6.31
XmlsoftLibxml2 Version2.6.32
XmlsoftLibxml2 Version2.7.0
XmlsoftLibxml2 Version2.7.1
XmlsoftLibxml2 Version2.7.2
XmlsoftLibxml2 Version2.7.3
XmlsoftLibxml2 Version2.7.4
XmlsoftLibxml2 Version2.7.5
XmlsoftLibxml2 Version2.7.6
XmlsoftLibxml2 Version2.7.7
XmlsoftLibxml2 Version2.7.8
XmlsoftLibxml2 Version2.9.0 Updaterc1
CanonicalUbuntu Linux Version8.04 Update- Editionlts
CanonicalUbuntu Linux Version10.04 Update- Editionlts
CanonicalUbuntu Linux Version11.10
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version12.10
OpensuseOpensuse Version12.1
OpensuseOpensuse Version12.2
OpensuseOpensuse Version12.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.485
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.