{ "id": "CVE-2003-1564", "sourceIdentifier": "cve@mitre.org", "published": "2003-12-31T05:00:00.000", "lastModified": "2008-10-24T04:30:02.847", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the \"billion laughs attack.\"" } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3 }, "baseSeverity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": true, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-189" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2524F0A-AC51-44CB-A4ED-09B70C7E19A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "569432A3-3145-40CD-BFA8-6B70BE47F3E1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9635F852-0577-45F6-A301-8DF8108860A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2E409CD-F17C-4A1F-8F84-5E495B2D4652" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E08C8CA8-9F4E-4591-9DDC-C1102F691647" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E973C066-2745-49B5-9FDA-CCD6CE0633B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8070C75-15A8-4A9D-AA0F-4D92CC2691ED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6EDF7C8-50C8-4A20-975E-06B2D528E2B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE252FCD-647B-4586-A8EC-6BB095BB3E95" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5291EC59-4016-40B3-BF08-292080D19243" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A84CCC4-6F7E-4563-AE45-AF6B45A7D1B4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2E74FC5-77EE-42A9-B2F7-6C4FC2F0CD20" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "FADFC1E5-2F83-484B-852B-D71B7D1C5A80" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "E2779B6F-AA9F-4D2D-9DD1-9BC9A9042DD7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "B172A659-DC83-483D-8DBE-637E89DF3DFB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "B3FD4D7C-1826-4BC9-BCEA-6FB8D7738D51" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "52800CB4-6389-4AB0-A098-8F465CF4A733" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "7D499267-5C14-4888-92C7-2ECE909BD9F6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "586C0FAB-E288-4EFB-8946-4535971F23F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "15236DDC-0095-4253-9113-61F76EFC0769" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "98F95AB1-D3D0-4E39-B135-4B55991845CE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "392E4AA7-00D2-45B1-9FA7-C1C7C37431F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C7839A86-59AA-400C-BF29-18E612B8EB4D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9A211A-5C44-4BDC-9676-3B7B937835B9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BECA085A-BEF1-4AD2-ABBA-069CE2642796" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E66BF7BC-5B5C-40BB-B826-3CC9DBAB53D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F330D609-31EB-4B4C-B007-ACEABA557F54" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D9E2F05B-B298-489C-9E44-62E0A199E148" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "070B2F1F-9A99-4A20-9BA9-CF175D482DA6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "25DC5AE4-9DEA-4828-96F0-57BACB6C9B25" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "BDE26E6D-53FF-4001-8F25-C112635CB74E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "D1210A8D-5359-4FD4-963F-506200AA20AE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "AA748E50-798F-40EA-B252-0A166DEEB120" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C5B9E7CC-D552-4C9A-909E-42D375452E09" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06C20B5C-16E7-4C1B-A2DB-8EB4B9A7045D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D7A901B3-B0F4-4D2B-8CAF-25938219B657" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "12FCBA01-D739-4BA2-83F5-D41A6DF91F1F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFC8C43D-84C7-4C0C-8DD1-66206D665C35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5E60C1B4-BBC1-4E2B-8323-A7E059EF6BEE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B677850-4FE9-4522-ADAE-42C5D17D4A7D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9BB7931B-55AA-4735-8AAB-9F3A9E9C0123" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "F4A5B9AF-7F82-4EEC-A776-587C6DD44448" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "94D33392-DD5C-4704-BECF-69D416F9F2C0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA896F-07D7-4B93-939B-B6CDD1DCA87C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "647CA5AD-5AC2-448E-8445-62837F413361" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "37D4241B-A328-45F0-9FAB-CEE20DC7432E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "CAAD77C4-84EC-4924-90F8-35A2375AA6A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "6A124C5A-C72C-4623-925E-378FF40671EF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8ACD2FD4-E884-4FC5-842B-86AAE06D9E05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "14A9036D-1474-4097-9E70-09F7BBA2826C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8884CF6-2F5B-465F-841B-3C69EC3BE3BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A699B966-3756-4D5B-8693-0678EEDD8AD0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1E50FED-4BAD-4D04-98C3-C2427E086C1B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "70880522-BBC0-4D5C-8DA3-245E189FA1C0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "1A8BA1A0-F8E7-4B93-B667-D012C91F831E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "27662848-9CD5-43BC-9A1B-8C6EBACCCC21" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C967E50C-E7AA-49D0-A055-20CA083CA232" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA398ACA-73C2-4093-AD35-E30161C96C25" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "757B5A74-6B7B-4F01-9891-9F9E510074C9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C10CC4C-3A9C-4AD0-A7C1-ACF781BF20D5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "2E67FD94-4E96-4FCC-990B-4C0A5C599ED0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "8E7DDE27-9DE8-4E45-AFA2-AFFEA8F0D917" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "92CEEDA7-5DFC-4DB0-989E-F356E5CF65A9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "25D60B58-3558-4244-A5B3-8D16F53A9588" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "E5DB409B-795F-4F8A-85E1-0B4E66AE9D48" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "457C47ED-A429-42AE-9FF9-978D605BACFE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "3C20B9D5-9E10-4B6D-8095-B2A63EDB8D16" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "9087E4FE-661F-4803-BB3B-09D2699265E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "7C2D01CF-9FCE-41F8-997E-EA9BDCCD8C76" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "84E1C7A6-DCA7-4760-B1B6-EFB256978CFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "9F1E7CFF-E4B3-4B31-BE23-C187544E9488" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "81EDD077-5183-4588-8DB1-93A0597AAA34" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "530FE28C-0D51-4BF9-AE43-D65F9913B48B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "F030053E-2292-42E2-8435-0CFBDDE688DB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A0258377-DD8B-4FA6-B075-E8489C83CEAE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "69E0BD23-38C6-43C0-870F-00B13F7C91D3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3350E-5186-4DC8-9D1B-59068A469496" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "F76783D0-63F8-48A7-85FE-E5E8DBFA223D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "52AE89B2-C1A3-48C8-AEB5-4B0D757AE361" }, { "vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ACA170D-21DB-47CD-AD73-2DEB2A2439F1" } ] } ] } ], "references": [ { "url": "http://mail.gnome.org/archives/xml/2008-August/msg00034.html", "source": "cve@mitre.org" }, { "url": "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2", "source": "cve@mitre.org" }, { "url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html", "source": "cve@mitre.org" }, { "url": "http://www.stylusstudio.com/xmldev/200302/post20020.html", "source": "cve@mitre.org" }, { "url": "http://xmlsoft.org/news.html", "source": "cve@mitre.org" } ] }