CVE-2014-3660

Priority
Description
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion
even when entity substitution has been disabled, which allows
context-dependent attackers to cause a denial of service (CPU consumption)
via a crafted XML document containing a large number of nested entity
references, a variant of the "billion laughs" attack.
Assigned-to
mdeslaur

Updated: 2019-03-19 12:14:53 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)