CVE-2012-2921 - Vulnerability Details - OpenCVE

Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mark Pilgrim	Feedparser

Configuration 1 [-]

OR	cpe:2.3:a:mark_pilgrim:feedparser::::::::
	cpe:2.3:a:mark_pilgrim:feedparser:3.0:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:3.0.1:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:3.1:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:3.2:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:3.3:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:4.0:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:4.0.1:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:4.0.2:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:4.1:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:5.0:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:5.0.1:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:5.1:::::::*
	cpe:2.3:a:mark_pilgrim:feedparser:5.1.2:::::::*

No data.

References

Link	Providers
http://freecode.com/projects/feedparser/releases/344371
http://osvdb.org/81701
http://secunia.com/advisories/49256
http://www.mandriva.com/security/advisories?name=MDVSA-2013:118
http://www.securityfocus.com/bid/53654
https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706
https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-05-21T22:00:00

Updated: 2024-08-06T19:50:04.150Z

Reserved: 2012-05-21T00:00:00

Link: CVE-2012-2921

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-05-21T22:55:01.303

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2921

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "81701", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/81701"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py"}, {"name": "53654", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53654"}, {"name": "MDVSA-2013:118", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://freecode.com/projects/feedparser/releases/344371"}, {"name": "49256", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/49256"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2921", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "81701", "refsource": "OSVDB", "url": "http://osvdb.org/81701"}, {"name": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706", "refsource": "CONFIRM", "url": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706"}, {"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157"}, {"name": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py", "refsource": "CONFIRM", "url": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py"}, {"name": "53654", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53654"}, {"name": "MDVSA-2013:118", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118"}, {"name": "http://freecode.com/projects/feedparser/releases/344371", "refsource": "CONFIRM", "url": "http://freecode.com/projects/feedparser/releases/344371"}, {"name": "49256", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49256"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:50:04.150Z"}, "title": "CVE Program Container", "references": [{"name": "81701", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/81701"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py"}, {"name": "53654", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/53654"}, {"name": "MDVSA-2013:118", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://freecode.com/projects/feedparser/releases/344371"}, {"name": "49256", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/49256"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2921", "datePublished": "2012-05-21T22:00:00", "dateReserved": "2012-05-21T00:00:00", "dateUpdated": "2024-08-06T19:50:04.150Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:*:*:*:*:*:*:*:*", "matchCriteriaId": "848490D5-C504-46F4-B191-29E3A4F54783", "versionEndIncluding": "5.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F77200AB-F881-4FD6-9CCB-D5F60224A7DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "26821F56-74B7-40F2-831E-51F31E09820E", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "53E534A3-B856-4D06-9DF7-4C1693C960A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "46E2924E-5825-4ABE-B7CA-822298BBB55C", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "F51660B8-24D3-40EF-AAC9-AB57B12F8B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "598605D2-7141-4624-BE81-9BDA97DD81E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "62F11924-9771-4EA0-A1A0-914327ACD0C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "834A8E71-A549-4899-A9F3-4ED120C9E713", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "7D29647A-AD45-47B2-BFCC-089B075163D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF425D44-67B9-4FF4-B494-42D3DFE184A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4A78DF99-358D-46E8-A993-D2E922BDA630", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EEA2DDC-CA1F-4E1F-930D-A4C51480CFBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:mark_pilgrim:feedparser:5.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "38CBB532-115E-47E6-B96A-60996CC12DE0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document."}, {"lang": "es", "value": "Universal Feed Parser (feedparser or python-feedparser) en versiones anteriores a la 5.1.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de la memoria) a trav\u00e9s de una declaraci\u00f3n XML ENTITY modificada en un documento no codificado en ASCII."}], "id": "CVE-2012-2921", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-21T22:55:01.303", "references": [{"source": "cve@mitre.org", "url": "http://freecode.com/projects/feedparser/releases/344371"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/81701"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/49256"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53654"}, {"source": "cve@mitre.org", "url": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706"}, {"source": "cve@mitre.org", "url": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py"}, {"source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://freecode.com/projects/feedparser/releases/344371"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/81701"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/49256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}