{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-06-15T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "52662", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52662"}, {"name": "openSUSE-SU-2013:0555", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html"}, {"name": "SUSE-SU-2013:1627", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"}, {"name": "openSUSE-SU-2013:0552", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"}, {"name": "SSRT101996", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "DSA-2652", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2652"}, {"name": "HPSBGN03302", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"name": "55568", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55568"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab"}, {"name": "USN-1782-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1782-1"}, {"name": "MDVSA-2013:056", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:25:09.526Z"}, "title": "CVE Program Container", "references": [{"name": "52662", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52662"}, {"name": "openSUSE-SU-2013:0555", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html"}, {"name": "SUSE-SU-2013:1627", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"}, {"name": "openSUSE-SU-2013:0552", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"}, {"name": "SSRT101996", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"name": "DSA-2652", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2652"}, {"name": "HPSBGN03302", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"name": "55568", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/55568"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab"}, {"name": "USN-1782-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1782-1"}, {"name": "MDVSA-2013:056", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-0338", "datePublished": "2013-04-25T23:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T14:25:09.526Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "47270C45-F272-42F6-8E5F-3D92684100E3", "versionEndIncluding": "2.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2524F0A-AC51-44CB-A4ED-09B70C7E19A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "569432A3-3145-40CD-BFA8-6B70BE47F3E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9635F852-0577-45F6-A301-8DF8108860A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "D2E409CD-F17C-4A1F-8F84-5E495B2D4652", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E08C8CA8-9F4E-4591-9DDC-C1102F691647", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "E973C066-2745-49B5-9FDA-CCD6CE0633B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8070C75-15A8-4A9D-AA0F-4D92CC2691ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6EDF7C8-50C8-4A20-975E-06B2D528E2B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE252FCD-647B-4586-A8EC-6BB095BB3E95", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5291EC59-4016-40B3-BF08-292080D19243", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "0A84CCC4-6F7E-4563-AE45-AF6B45A7D1B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2E74FC5-77EE-42A9-B2F7-6C4FC2F0CD20", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "FADFC1E5-2F83-484B-852B-D71B7D1C5A80", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "E2779B6F-AA9F-4D2D-9DD1-9BC9A9042DD7", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "B172A659-DC83-483D-8DBE-637E89DF3DFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "B3FD4D7C-1826-4BC9-BCEA-6FB8D7738D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "52800CB4-6389-4AB0-A098-8F465CF4A733", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "7D499267-5C14-4888-92C7-2ECE909BD9F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "586C0FAB-E288-4EFB-8946-4535971F23F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "15236DDC-0095-4253-9113-61F76EFC0769", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "98F95AB1-D3D0-4E39-B135-4B55991845CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "392E4AA7-00D2-45B1-9FA7-C1C7C37431F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*", "matchCriteriaId": "C7839A86-59AA-400C-BF29-18E612B8EB4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F9A211A-5C44-4BDC-9676-3B7B937835B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "BECA085A-BEF1-4AD2-ABBA-069CE2642796", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "E66BF7BC-5B5C-40BB-B826-3CC9DBAB53D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "F330D609-31EB-4B4C-B007-ACEABA557F54", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D9E2F05B-B298-489C-9E44-62E0A199E148", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "070B2F1F-9A99-4A20-9BA9-CF175D482DA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "25DC5AE4-9DEA-4828-96F0-57BACB6C9B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "BDE26E6D-53FF-4001-8F25-C112635CB74E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "D1210A8D-5359-4FD4-963F-506200AA20AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "AA748E50-798F-40EA-B252-0A166DEEB120", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C5B9E7CC-D552-4C9A-909E-42D375452E09", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06C20B5C-16E7-4C1B-A2DB-8EB4B9A7045D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D7A901B3-B0F4-4D2B-8CAF-25938219B657", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "12FCBA01-D739-4BA2-83F5-D41A6DF91F1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "EFC8C43D-84C7-4C0C-8DD1-66206D665C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "5E60C1B4-BBC1-4E2B-8323-A7E059EF6BEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8B677850-4FE9-4522-ADAE-42C5D17D4A7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "9BB7931B-55AA-4735-8AAB-9F3A9E9C0123", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "F4A5B9AF-7F82-4EEC-A776-587C6DD44448", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "94D33392-DD5C-4704-BECF-69D416F9F2C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "B1BA896F-07D7-4B93-939B-B6CDD1DCA87C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*", "matchCriteriaId": "647CA5AD-5AC2-448E-8445-62837F413361", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "37D4241B-A328-45F0-9FAB-CEE20DC7432E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "CAAD77C4-84EC-4924-90F8-35A2375AA6A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "6A124C5A-C72C-4623-925E-378FF40671EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "8ACD2FD4-E884-4FC5-842B-86AAE06D9E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "14A9036D-1474-4097-9E70-09F7BBA2826C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8884CF6-2F5B-465F-841B-3C69EC3BE3BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A699B966-3756-4D5B-8693-0678EEDD8AD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1E50FED-4BAD-4D04-98C3-C2427E086C1B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "70880522-BBC0-4D5C-8DA3-245E189FA1C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "1A8BA1A0-F8E7-4B93-B667-D012C91F831E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "27662848-9CD5-43BC-9A1B-8C6EBACCCC21", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "C967E50C-E7AA-49D0-A055-20CA083CA232", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA398ACA-73C2-4093-AD35-E30161C96C25", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "757B5A74-6B7B-4F01-9891-9F9E510074C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C10CC4C-3A9C-4AD0-A7C1-ACF781BF20D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "2E67FD94-4E96-4FCC-990B-4C0A5C599ED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "8E7DDE27-9DE8-4E45-AFA2-AFFEA8F0D917", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "92CEEDA7-5DFC-4DB0-989E-F356E5CF65A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "25D60B58-3558-4244-A5B3-8D16F53A9588", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "E5DB409B-795F-4F8A-85E1-0B4E66AE9D48", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*", "matchCriteriaId": "457C47ED-A429-42AE-9FF9-978D605BACFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*", "matchCriteriaId": "3C20B9D5-9E10-4B6D-8095-B2A63EDB8D16", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*", "matchCriteriaId": "9087E4FE-661F-4803-BB3B-09D2699265E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*", "matchCriteriaId": "7C2D01CF-9FCE-41F8-997E-EA9BDCCD8C76", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*", "matchCriteriaId": "84E1C7A6-DCA7-4760-B1B6-EFB256978CFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*", "matchCriteriaId": "9F1E7CFF-E4B3-4B31-BE23-C187544E9488", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*", "matchCriteriaId": "81EDD077-5183-4588-8DB1-93A0597AAA34", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*", "matchCriteriaId": "530FE28C-0D51-4BF9-AE43-D65F9913B48B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*", "matchCriteriaId": "F030053E-2292-42E2-8435-0CFBDDE688DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*", "matchCriteriaId": "A0258377-DD8B-4FA6-B075-E8489C83CEAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*", "matchCriteriaId": "69E0BD23-38C6-43C0-870F-00B13F7C91D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*", "matchCriteriaId": "F3D3350E-5186-4DC8-9D1B-59068A469496", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*", "matchCriteriaId": "F76783D0-63F8-48A7-85FE-E5E8DBFA223D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*", "matchCriteriaId": "52AE89B2-C1A3-48C8-AEB5-4B0D757AE361", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ACA170D-21DB-47CD-AD73-2DEB2A2439F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "FFC48A66-7D1F-4446-BC50-6C1A1DF819E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "A0A86D90-C64E-4850-8D6E-94D3C0789241", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "06A50725-AC7A-4FDB-887A-3DCB369C943D", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "D463EC3C-88F1-46D9-ADB6-6283DC23B0B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*", "matchCriteriaId": "43F8E361-E6D3-4666-B18D-928D550FD5D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6948CD9-8489-46BA-9159-24C842490702", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "35C43087-760E-482A-B34E-141A29AC57A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "669211F7-90EA-47AB-A787-34DD79DF8E25", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "025B16D8-1023-4D47-BADD-C1E838B47D88", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "320E691F-D417-4D81-A223-C46FEFFD908A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3B06B40-327D-4EFA-AD19-DA1CA7D50B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB8BEC58-AB2A-4953-A2E8-338EB894A494", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ABDE6C9A-4F24-42B4-8AA3-3EBC97190322", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "44FB2813-BE9F-46A8-864B-435D883CA0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "F9DF1336-F831-4507-B45E-574BDE8AA8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "98CF3A74-B9F8-4689-B81C-F579D827DA5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "6DBD9C7D-CD0B-4B5B-BEC2-F67610DEDE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "798F7A01-F006-4589-82F8-943F81015693", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "6A1C90C5-1B77-4BE5-ACDA-1F15D3F2A000", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "36940C55-BFD4-4C77-A26B-C0F273EAC2EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "8ECB753E-430C-4DBD-9063-506E749A21CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "3EBD3E93-1624-4B1D-8F9A-5683ADA4983E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "551B91B8-7A5A-4E5D-AAED-76705F8A2829", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*", "matchCriteriaId": "1D8135B1-FB22-4755-A5ED-CDB16E3E85A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*", "matchCriteriaId": "2B4685BF-394A-4426-980A-2B1D37737C06", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*", "matchCriteriaId": "77A68008-7392-4BE4-AB30-24D2BA124E3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*", "matchCriteriaId": "63F37BF5-D4D2-43AB-841A-E9AC32A68452", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*", "matchCriteriaId": "CB8A074B-069A-4520-8E3C-AB614C31B68A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*", "matchCriteriaId": "D77DE5FD-060A-4AD6-A925-4E9EF186C835", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*", "matchCriteriaId": "7069A49C-038C-4E7B-AF03-4D90D5734414", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "87E895B9-5AF7-4A1F-B740-B3E13DE3254E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FD29EFD-1ADB-4349-8E7D-EA6B34B0F6DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC720A50-9EF5-4B73-86D1-AE87D402611E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "464942E8-EDF3-4ECB-B907-FFCDBC9079C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1246C0E-DCAC-405E-ADCE-3D16D659C567", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "5703D8EC-259B-49C3-AADE-916227DEB96F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "184B40E3-28FD-49A4-9560-5E26293D7D08", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7CCE8BBA-6721-4257-9F2E-23AEB104564E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF2A3107-5F12-407E-9009-7F42B09299E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "268661C2-7A45-4743-8A09-48B3EE21212E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*", "matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity."}, {"lang": "es", "value": "libxml2 v2.9.0 y anteriores permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de un archivo XML que contiene una declaraci\u00f3n de la entidad con el nuevo texto largo y muchas referencias a esta entidad, tambi\u00e9n conocido como \"expansi\u00f3n entidad interna\" con complejidad lineal."}], "evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1782-1/ \"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\r\n Ubuntu 10.04 LTS\r\n Ubuntu 8.04 LTS\"\r\n\r\nPer http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html \"http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html\"\r\n", "id": "CVE-2013-0338", "lastModified": "2024-11-21T01:47:20.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-25T23:55:01.500", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"source": "secalert@redhat.com", "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/52662"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55568"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2652"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1782-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"}, {"source": "secalert@redhat.com", "url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/52662"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55568"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2652"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1782-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0581", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "libxml2-0:2.6.26-2.1.21.el5_9.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-02-28T00:00:00Z"}, {"advisory": "RHSA-2013:0581", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libxml2-0:2.7.6-12.el6_4.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-28T00:00:00Z"}], "bugzilla": {"description": "libxml2: CPU consumption DoS when performing string substitutions during entities expansion", "id": "912400", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "details": ["libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity."], "name": "CVE-2013-0338", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "mingw32-libxml2", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2013-02-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-0338\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0338"], "threat_severity": "Moderate"}