{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-21T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "52662", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52662"}, {"name": "SUSE-SU-2013:1627", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"}, {"name": "[oss-security] 20130221 CVE Guidance for Libraries and Resource-Consumption DoS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/02/21/24"}, {"name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2013/02/22/3"}, {"name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/188"}, {"name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/184"}, {"name": "[oss-security] 20131028 Re: CVE Request: libxml2 external parsed entities issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2013/q4/182"}, {"name": "USN-1904-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1904-2"}, {"name": "USN-1904-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1904-1"}, {"name": "DSA-2652", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2652"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149"}, {"name": "54172", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54172"}, {"name": "55568", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55568"}, {"tags": ["x_refsource_MISC"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f"}, {"name": "[oss-security] 20130412 Re-evaluating expat/libxml2 CVE assignments", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:09.789Z"}, "title": "CVE Program Container", "references": [{"name": "52662", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52662"}, {"name": "SUSE-SU-2013:1627", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"}, {"name": "[oss-security] 20130221 CVE Guidance for Libraries and Resource-Consumption DoS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/02/21/24"}, {"name": "[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2013/02/22/3"}, {"name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/188"}, {"name": "[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/184"}, {"name": "[oss-security] 20131028 Re: CVE Request: libxml2 external parsed entities issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2013/q4/182"}, {"name": "USN-1904-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1904-2"}, {"name": "USN-1904-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1904-1"}, {"name": "DSA-2652", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2652"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149"}, {"name": "54172", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54172"}, {"name": "55568", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55568"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f"}, {"name": "[oss-security] 20130412 Re-evaluating expat/libxml2 CVE assignments", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0339", "datePublished": "2014-01-21T18:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:25:09.789Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "18BCA403-8F0F-4564-BE7E-1DE10408B54B", "versionEndIncluding": "2.9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2524F0A-AC51-44CB-A4ED-09B70C7E19A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "569432A3-3145-40CD-BFA8-6B70BE47F3E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9635F852-0577-45F6-A301-8DF8108860A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2E409CD-F17C-4A1F-8F84-5E495B2D4652", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E08C8CA8-9F4E-4591-9DDC-C1102F691647", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E973C066-2745-49B5-9FDA-CCD6CE0633B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8070C75-15A8-4A9D-AA0F-4D92CC2691ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6EDF7C8-50C8-4A20-975E-06B2D528E2B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE252FCD-647B-4586-A8EC-6BB095BB3E95", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5291EC59-4016-40B3-BF08-292080D19243", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A84CCC4-6F7E-4563-AE45-AF6B45A7D1B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2E74FC5-77EE-42A9-B2F7-6C4FC2F0CD20", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "FADFC1E5-2F83-484B-852B-D71B7D1C5A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "E2779B6F-AA9F-4D2D-9DD1-9BC9A9042DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "B172A659-DC83-483D-8DBE-637E89DF3DFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "B3FD4D7C-1826-4BC9-BCEA-6FB8D7738D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "52800CB4-6389-4AB0-A098-8F465CF4A733", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "7D499267-5C14-4888-92C7-2ECE909BD9F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "586C0FAB-E288-4EFB-8946-4535971F23F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "15236DDC-0095-4253-9113-61F76EFC0769", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "98F95AB1-D3D0-4E39-B135-4B55991845CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "392E4AA7-00D2-45B1-9FA7-C1C7C37431F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C7839A86-59AA-400C-BF29-18E612B8EB4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9A211A-5C44-4BDC-9676-3B7B937835B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BECA085A-BEF1-4AD2-ABBA-069CE2642796", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E66BF7BC-5B5C-40BB-B826-3CC9DBAB53D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F330D609-31EB-4B4C-B007-ACEABA557F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D9E2F05B-B298-489C-9E44-62E0A199E148", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "070B2F1F-9A99-4A20-9BA9-CF175D482DA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "25DC5AE4-9DEA-4828-96F0-57BACB6C9B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "BDE26E6D-53FF-4001-8F25-C112635CB74E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "D1210A8D-5359-4FD4-963F-506200AA20AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "AA748E50-798F-40EA-B252-0A166DEEB120", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C5B9E7CC-D552-4C9A-909E-42D375452E09", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06C20B5C-16E7-4C1B-A2DB-8EB4B9A7045D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D7A901B3-B0F4-4D2B-8CAF-25938219B657", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "12FCBA01-D739-4BA2-83F5-D41A6DF91F1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFC8C43D-84C7-4C0C-8DD1-66206D665C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5E60C1B4-BBC1-4E2B-8323-A7E059EF6BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B677850-4FE9-4522-ADAE-42C5D17D4A7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9BB7931B-55AA-4735-8AAB-9F3A9E9C0123", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "F4A5B9AF-7F82-4EEC-A776-587C6DD44448", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "94D33392-DD5C-4704-BECF-69D416F9F2C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA896F-07D7-4B93-939B-B6CDD1DCA87C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "647CA5AD-5AC2-448E-8445-62837F413361", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "37D4241B-A328-45F0-9FAB-CEE20DC7432E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "CAAD77C4-84EC-4924-90F8-35A2375AA6A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "6A124C5A-C72C-4623-925E-378FF40671EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8ACD2FD4-E884-4FC5-842B-86AAE06D9E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "14A9036D-1474-4097-9E70-09F7BBA2826C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8884CF6-2F5B-465F-841B-3C69EC3BE3BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A699B966-3756-4D5B-8693-0678EEDD8AD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1E50FED-4BAD-4D04-98C3-C2427E086C1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "70880522-BBC0-4D5C-8DA3-245E189FA1C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "1A8BA1A0-F8E7-4B93-B667-D012C91F831E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "27662848-9CD5-43BC-9A1B-8C6EBACCCC21", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C967E50C-E7AA-49D0-A055-20CA083CA232", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA398ACA-73C2-4093-AD35-E30161C96C25", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "757B5A74-6B7B-4F01-9891-9F9E510074C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C10CC4C-3A9C-4AD0-A7C1-ACF781BF20D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "2E67FD94-4E96-4FCC-990B-4C0A5C599ED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "8E7DDE27-9DE8-4E45-AFA2-AFFEA8F0D917", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "92CEEDA7-5DFC-4DB0-989E-F356E5CF65A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "25D60B58-3558-4244-A5B3-8D16F53A9588", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "E5DB409B-795F-4F8A-85E1-0B4E66AE9D48", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "457C47ED-A429-42AE-9FF9-978D605BACFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "3C20B9D5-9E10-4B6D-8095-B2A63EDB8D16", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "9087E4FE-661F-4803-BB3B-09D2699265E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "7C2D01CF-9FCE-41F8-997E-EA9BDCCD8C76", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "84E1C7A6-DCA7-4760-B1B6-EFB256978CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "9F1E7CFF-E4B3-4B31-BE23-C187544E9488", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "81EDD077-5183-4588-8DB1-93A0597AAA34", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "530FE28C-0D51-4BF9-AE43-D65F9913B48B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "F030053E-2292-42E2-8435-0CFBDDE688DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A0258377-DD8B-4FA6-B075-E8489C83CEAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "69E0BD23-38C6-43C0-870F-00B13F7C91D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3350E-5186-4DC8-9D1B-59068A469496", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "F76783D0-63F8-48A7-85FE-E5E8DBFA223D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "52AE89B2-C1A3-48C8-AEB5-4B0D757AE361", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ACA170D-21DB-47CD-AD73-2DEB2A2439F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "FFC48A66-7D1F-4446-BC50-6C1A1DF819E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0A86D90-C64E-4850-8D6E-94D3C0789241", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "06A50725-AC7A-4FDB-887A-3DCB369C943D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "D463EC3C-88F1-46D9-ADB6-6283DC23B0B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "43F8E361-E6D3-4666-B18D-928D550FD5D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6948CD9-8489-46BA-9159-24C842490702", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "35C43087-760E-482A-B34E-141A29AC57A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "669211F7-90EA-47AB-A787-34DD79DF8E25", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "025B16D8-1023-4D47-BADD-C1E838B47D88", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "320E691F-D417-4D81-A223-C46FEFFD908A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3B06B40-327D-4EFA-AD19-DA1CA7D50B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB8BEC58-AB2A-4953-A2E8-338EB894A494", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ABDE6C9A-4F24-42B4-8AA3-3EBC97190322", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "44FB2813-BE9F-46A8-864B-435D883CA0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "F9DF1336-F831-4507-B45E-574BDE8AA8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "98CF3A74-B9F8-4689-B81C-F579D827DA5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "6DBD9C7D-CD0B-4B5B-BEC2-F67610DEDE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "798F7A01-F006-4589-82F8-943F81015693", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "6A1C90C5-1B77-4BE5-ACDA-1F15D3F2A000", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "36940C55-BFD4-4C77-A26B-C0F273EAC2EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "8ECB753E-430C-4DBD-9063-506E749A21CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "3EBD3E93-1624-4B1D-8F9A-5683ADA4983E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "551B91B8-7A5A-4E5D-AAED-76705F8A2829", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*", "matchCriteriaId": "1D8135B1-FB22-4755-A5ED-CDB16E3E85A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*", "matchCriteriaId": "2B4685BF-394A-4426-980A-2B1D37737C06", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*", "matchCriteriaId": "77A68008-7392-4BE4-AB30-24D2BA124E3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*", "matchCriteriaId": "63F37BF5-D4D2-43AB-841A-E9AC32A68452", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*", "matchCriteriaId": "CB8A074B-069A-4520-8E3C-AB614C31B68A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*", "matchCriteriaId": "D77DE5FD-060A-4AD6-A925-4E9EF186C835", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*", "matchCriteriaId": "7069A49C-038C-4E7B-AF03-4D90D5734414", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "87E895B9-5AF7-4A1F-B740-B3E13DE3254E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FD29EFD-1ADB-4349-8E7D-EA6B34B0F6DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC720A50-9EF5-4B73-86D1-AE87D402611E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "464942E8-EDF3-4ECB-B907-FFCDBC9079C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1246C0E-DCAC-405E-ADCE-3D16D659C567", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "5703D8EC-259B-49C3-AADE-916227DEB96F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "184B40E3-28FD-49A4-9560-5E26293D7D08", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7CCE8BBA-6721-4257-9F2E-23AEB104564E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF2A3107-5F12-407E-9009-7F42B09299E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8928F415-C124-4B4A-9D59-40AC6845AFD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "955673D9-2912-48A2-93C9-10430290A4AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "268661C2-7A45-4743-8A09-48B3EE21212E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "35BBD83D-BDC7-4678-BE94-639F59281139", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE."}, {"lang": "es", "value": "libxml2 hasta 2.9.1 no controla correctamente la expansi\u00f3n de entidades externas a menos que un desarrollador de aplicaciones utilice la funci\u00f3n xmlSAX2ResolveEntity o xmlSetExternalEntityLoader, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos), enviar peticiones HTTP a los servidores de la intranet, o leer ficheros arbitrarios mediante un documento XML manipulada, tambi\u00e9n conocido una entidades externas XML (XXE) tema. NOTA: se podr\u00eda argumentar que debido a que libxml2 ya ofrece la posibilidad de desactivar la expansi\u00f3n entidad externa, la responsabilidad de la soluci\u00f3n de este problema se encuentra con los desarrolladores de aplicaciones, de acuerdo con este argumento, esta entrada debe ser rechazada y cada aplicaci\u00f3n afectada tendr\u00eda su propio CVE."}], "id": "CVE-2013-0339", "lastModified": "2023-11-07T02:13:48.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-21T18:55:09.053", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/02/21/24"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2013/02/22/3"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/182"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/184"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q4/188"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52662"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/54172"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55568"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2652"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/04/12/6"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1904-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1904-2"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libxml2: CPU consumption DoS and other effects when performing string substitutions during external entities expansion", "id": "915149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=915149"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE."], "name": "CVE-2013-0339", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "mingw32-libxml2", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-02-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0339\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0339"], "threat_severity": "Moderate"}