Denial of Service Vulnerability in libxml2
CVE-2009-2414
Currently unrated
What is CVE-2009-2414?
libxml2 versions 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, contain a vulnerability in DTD parsing. A specially crafted DTD can drive the parser into deep recursion while it parses element declarations; the recursion consumes excessive stack space and ultimately crashes the application. The flaw was demonstrated with the Codenomicon XML fuzzing framework and exposes systems that rely on these libraries to denial of service.
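
A recursive-descent parser avoids this failure mode by counting nesting depth and refusing input before the stack grows further. The sketch below is an added example, not libxml2's code and not part of the original entry: it checks a simplified element content model, and the grammar, function names and the limit of 128 are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_DEPTH 128 /* assumed cap, picked for this example */
enum { CM_OK = 0, CM_SYNTAX = -1, CM_TOO_DEEP = -2 };

static void skip_ws(const char **p) { while (isspace((unsigned char)**p)) (*p)++; }
static int is_name(unsigned char c) { return isalnum(c) || c == '_' || c == '-' || c == ':'; }

/* One content particle: a name or a parenthesised group, each with an optional ?*+ suffix. */
static int parse_cp(const char **p, int depth) {
    skip_ws(p);
    if (**p == '(') {
        if (depth >= MAX_DEPTH) return CM_TOO_DEEP; /* refuse before recursing further */
        do {
            (*p)++; /* consume '(' on entry, then each ',' or '|' separator */
            int rc = parse_cp(p, depth + 1);
            if (rc != CM_OK) return rc;
            skip_ws(p);
        } while (**p == ',' || **p == '|');
        if (**p != ')') return CM_SYNTAX;
        (*p)++;
    } else if (is_name(**p)) {
        while (is_name(**p)) (*p)++;
    } else return CM_SYNTAX;
    if (**p == '?' || **p == '*' || **p == '+') (*p)++;
    return CM_OK;
}

int check_content_model(const char *s) {
    int rc = parse_cp(&s, 0);
    if (rc != CM_OK) return rc;
    skip_ws(&s);
    return *s == '\0' ? CM_OK : CM_SYNTAX;
}

/* Constructed input: n nested groups around one name, e.g. n=3 gives "(((a)))". */
int check_nested(size_t n) {
    char *buf = malloc(2 * n + 2);
    if (!buf) return CM_SYNTAX;
    memset(buf, '(', n); buf[n] = 'a'; memset(buf + n + 1, ')', n); buf[2 * n + 1] = '\0';
    int rc = check_content_model(buf);
    free(buf);
    return rc;
}

int main(void) {
    printf("%d %d %d\n", check_content_model("(a,(b|c)*,d?)+"), check_nested(128), check_nested(100000));
}
```

With the cap in place, recursion stops at `MAX_DEPTH` frames regardless of input size, so the caller gets an error code instead of a crashed process.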