CVE-2014-3660

parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.

Data is provided by the National Vulnerability Database (NVD)
Xmlsoft Libxml2 Version <= 2.9.1
Xmlsoft Libxml2 Version 2.0.0
Xmlsoft Libxml2 Version 2.1.0
Xmlsoft Libxml2 Version 2.1.1
Xmlsoft Libxml2 Version 2.2.0
Xmlsoft Libxml2 Version 2.2.0 Update beta
Xmlsoft Libxml2 Version 2.2.1
Xmlsoft Libxml2 Version 2.2.2
Xmlsoft Libxml2 Version 2.2.3
Xmlsoft Libxml2 Version 2.2.4
Xmlsoft Libxml2 Version 2.2.5
Xmlsoft Libxml2 Version 2.2.6
Xmlsoft Libxml2 Version 2.2.7
Xmlsoft Libxml2 Version 2.2.8
Xmlsoft Libxml2 Version 2.2.9
Xmlsoft Libxml2 Version 2.2.10
Xmlsoft Libxml2 Version 2.2.11
Xmlsoft Libxml2 Version 2.3.0
Xmlsoft Libxml2 Version 2.3.1
Xmlsoft Libxml2 Version 2.3.2
Xmlsoft Libxml2 Version 2.3.3
Xmlsoft Libxml2 Version 2.3.4
Xmlsoft Libxml2 Version 2.3.5
Xmlsoft Libxml2 Version 2.3.6
Xmlsoft Libxml2 Version 2.3.7
Xmlsoft Libxml2 Version 2.3.8
Xmlsoft Libxml2 Version 2.3.9
Xmlsoft Libxml2 Version 2.3.10
Xmlsoft Libxml2 Version 2.3.11
Xmlsoft Libxml2 Version 2.3.12
Xmlsoft Libxml2 Version 2.3.13
Xmlsoft Libxml2 Version 2.3.14
Xmlsoft Libxml2 Version 2.4.1
Xmlsoft Libxml2 Version 2.4.2
Xmlsoft Libxml2 Version 2.4.3
Xmlsoft Libxml2 Version 2.4.4
Xmlsoft Libxml2 Version 2.4.5
Xmlsoft Libxml2 Version 2.4.6
Xmlsoft Libxml2 Version 2.4.7
Xmlsoft Libxml2 Version 2.4.8
Xmlsoft Libxml2 Version 2.4.9
Xmlsoft Libxml2 Version 2.4.10
Xmlsoft Libxml2 Version 2.4.11
Xmlsoft Libxml2 Version 2.4.12
Xmlsoft Libxml2 Version 2.4.13
Xmlsoft Libxml2 Version 2.4.14
Xmlsoft Libxml2 Version 2.4.15
Xmlsoft Libxml2 Version 2.4.16
Xmlsoft Libxml2 Version 2.4.17
Xmlsoft Libxml2 Version 2.4.18
Xmlsoft Libxml2 Version 2.4.19
Xmlsoft Libxml2 Version 2.4.20
Xmlsoft Libxml2 Version 2.4.21
Xmlsoft Libxml2 Version 2.4.22
Xmlsoft Libxml2 Version 2.4.23
Xmlsoft Libxml2 Version 2.4.24
Xmlsoft Libxml2 Version 2.4.25
Xmlsoft Libxml2 Version 2.4.26
Xmlsoft Libxml2 Version 2.4.27
Xmlsoft Libxml2 Version 2.4.28
Xmlsoft Libxml2 Version 2.4.29
Xmlsoft Libxml2 Version 2.4.30
Xmlsoft Libxml2 Version 2.5.0
Xmlsoft Libxml2 Version 2.5.4
Xmlsoft Libxml2 Version 2.5.7
Xmlsoft Libxml2 Version 2.5.8
Xmlsoft Libxml2 Version 2.5.10
Xmlsoft Libxml2 Version 2.5.11
Xmlsoft Libxml2 Version 2.6.0
Xmlsoft Libxml2 Version 2.6.1
Xmlsoft Libxml2 Version 2.6.2
Xmlsoft Libxml2 Version 2.6.3
Xmlsoft Libxml2 Version 2.6.4
Xmlsoft Libxml2 Version 2.6.5
Xmlsoft Libxml2 Version 2.6.6
Xmlsoft Libxml2 Version 2.6.7
Xmlsoft Libxml2 Version 2.6.8
Xmlsoft Libxml2 Version 2.6.9
Xmlsoft Libxml2 Version 2.6.11
Xmlsoft Libxml2 Version 2.6.12
Xmlsoft Libxml2 Version 2.6.13
Xmlsoft Libxml2 Version 2.6.14
Xmlsoft Libxml2 Version 2.6.16
Xmlsoft Libxml2 Version 2.6.17
Xmlsoft Libxml2 Version 2.6.18
Xmlsoft Libxml2 Version 2.6.20
Xmlsoft Libxml2 Version 2.6.21
Xmlsoft Libxml2 Version 2.6.22
Xmlsoft Libxml2 Version 2.6.23
Xmlsoft Libxml2 Version 2.6.24
Xmlsoft Libxml2 Version 2.6.25
Xmlsoft Libxml2 Version 2.6.26
Xmlsoft Libxml2 Version 2.6.27
Xmlsoft Libxml2 Version 2.6.28
Xmlsoft Libxml2 Version 2.6.29
Xmlsoft Libxml2 Version 2.6.30
Xmlsoft Libxml2 Version 2.6.31
Xmlsoft Libxml2 Version 2.6.32
Xmlsoft Libxml2 Version 2.7.0
Xmlsoft Libxml2 Version 2.7.1
Xmlsoft Libxml2 Version 2.7.2
Xmlsoft Libxml2 Version 2.7.3
Xmlsoft Libxml2 Version 2.7.4
Xmlsoft Libxml2 Version 2.7.5
Xmlsoft Libxml2 Version 2.7.6
Xmlsoft Libxml2 Version 2.7.7
Xmlsoft Libxml2 Version 2.7.8
Xmlsoft Libxml2 Version 2.8.0
Xmlsoft Libxml2 Version 2.9.0
Xmlsoft Libxml2 Version 2.9.0 Update rc1
Apple macOS X Version <= 10.10.4
Canonical Ubuntu Linux Version 10.04 SwEdition lts
Canonical Ubuntu Linux Version 12.04 SwEdition lts
Canonical Ubuntu Linux Version 14.04 SwEdition lts
Debian Debian Linux Version 7.0
Redhat Enterprise Linux Version 5.0
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 5.38% | 0.897

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P