LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Luaexpat | Matthewwild | * | 1.1.0 (including) |
Luaexpat | Matthewwild | 1.0 (including) | 1.0 (including) |
Luaexpat | Matthewwild | 1.0.1 (including) | 1.0.1 (including) |
Luaexpat | Matthewwild | 1.0.2 (including) | 1.0.2 (including) |
Lua-expat | Ubuntu | hardy | * |
Lua-expat | Ubuntu | lucid | * |
Lua-expat | Ubuntu | maverick | * |
Lua-expat | Ubuntu | natty | * |
Lua-expat | Ubuntu | upstream | * |