The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Leap | Opensuse | 42.1 (including) | 42.1 (including) |