CVE-2008-3281

Priority
Description
libxml2 2.6.32 and earlier does not properly detect recursion during entity
expansion in an attribute value, which allows context-dependent attackers
to cause a denial of service (memory and CPU consumption) via a crafted XML
document.
Assigned-to
kees
Notes
keesearlier patches broke ABI (https://bugzilla.redhat.com/show_bug.cgi?id=459830)
USN-644-1 updates this fix to match upstream patches.
Package
Upstream:released (2.7.1)
Patches:
Vendor:https://bugzilla.redhat.com/attachment.cgi?id=314860
More Information

Updated: 2020-09-10 00:43:18 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)