neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Neon | Webdav | 0.28.6 (including) | 0.28.6 (including) |
Red Hat Enterprise Linux 4 | RedHat | neon-0:0.24.7-4.el4_8.2 | * |
Red Hat Enterprise Linux 5 | RedHat | neon-0:0.25.5-10.el5_4.1 | * |
Red Hat Enterprise Linux 5 | RedHat | gnome-vfs2-0:2.16.2-10.el5 | * |