CVE-2013-0338

NameCVE-2013-0338
Descriptionlibxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2652-1
NVD severitymedium (attack range: remote)
Debian Bugs702260

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libxml2 (PTS)wheezy2.8.0+dfsg1-7+wheezy5fixed
wheezy (security)2.8.0+dfsg1-7+wheezy6fixed
jessie2.9.1+dfsg1-5+deb8u1fixed
jessie (security)2.9.1+dfsg1-5+deb8u2fixed
stretch, sid2.9.3+dfsg1-1.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libxml2source(unstable)2.8.0+dfsg1-7+nmu1medium702260
libxml2sourcesqueeze2.7.8.dfsg-2+squeeze7mediumDSA-2652-1

Search for package or bug name: Reporting problems