{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-08T12:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"}, {"name": "56166", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56166"}, {"name": "openSUSE-SU-2014:0173", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"}, {"name": "56008", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/56008"}, {"name": "openSUSE-SU-2014:0125", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.qt-project.org/#change%2C71010"}, {"name": "openSUSE-SU-2014:0176", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"}, {"name": "openSUSE-SU-2014:0067", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"}, {"name": "USN-2057-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2057-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.qt-project.org/#change%2C71368"}, {"name": "openSUSE-SU-2014:0070", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"}, {"name": "FEDORA-2014-5695", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.815Z"}, "title": "CVE Program Container", "references": [{"name": "[qt-announce] 20131205 [Announce] Qt Project Security Advisory: XML Entity Expansion\tDenial of Service", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"}, {"name": "56166", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56166"}, {"name": "openSUSE-SU-2014:0173", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"}, {"name": "56008", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/56008"}, {"name": "openSUSE-SU-2014:0125", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codereview.qt-project.org/#change%2C71010"}, {"name": "openSUSE-SU-2014:0176", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"}, {"name": "openSUSE-SU-2014:0067", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"}, {"name": "USN-2057-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2057-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codereview.qt-project.org/#change%2C71368"}, {"name": "openSUSE-SU-2014:0070", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"}, {"name": "FEDORA-2014-5695", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4549", "datePublished": "2013-12-23T22:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.815Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "73CA5980-1396-4C98-8745-90A8F9767B58", "versionEndIncluding": "5.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": false}, {"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": false}, {"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."}, {"lang": "es", "value": "QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE)."}], "id": "CVE-2013-4549", "lastModified": "2023-02-13T04:47:35.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-23T22:55:02.880", "references": [{"source": "secalert@redhat.com", "url": "http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released/"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132395.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00044.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00047.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00085.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00104.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00106.html"}, {"source": "secalert@redhat.com", "url": "http://lists.qt-project.org/pipermail/announce/2013-December/000036.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56008"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/56166"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2057-1"}, {"source": "secalert@redhat.com", "url": "https://codereview.qt-project.org/#change%2C71010"}, {"source": "secalert@redhat.com", "url": "https://codereview.qt-project.org/#change%2C71368"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "QtXML: XML entity expansion denial of service", "id": "955375", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=955375"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-611", "details": ["QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack."], "name": "CVE-2013-4549", "public_date": "2013-12-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4549\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4549"], "statement": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Moderate"}