Wind River Support Network

HomeDefectsLIN5-18071
Fixed

LIN5-18071 : Security Advisory - libxml2 - CVE-2013-0339

Created: Feb 16, 2014    Updated: Dec 19, 2017
Resolved Date: Apr 10, 2014
Found In Version: 5.0.1.14
Fix Version: 5.0.1.14
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0339

Other Downloads


Live chat
Online