Skip to main content

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVE-2003-1564

Severity Medium
Score 6.5/10

Summary

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • HIGH

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References

Advisory Timeline

  • Published