c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| C3p0 | Mchange | * | 0.9.5.2 (excluding) |
| Red Hat Fuse 7.6.0 | RedHat | c3p0 | * |
| C3p0 | Ubuntu | bionic | * |
| C3p0 | Ubuntu | cosmic | * |
| C3p0 | Ubuntu | devel | * |
| C3p0 | Ubuntu | disco | * |
| C3p0 | Ubuntu | eoan | * |
| C3p0 | Ubuntu | esm-apps/jammy | * |
| C3p0 | Ubuntu | esm-apps/noble | * |
| C3p0 | Ubuntu | esm-apps/xenial | * |
| C3p0 | Ubuntu | esm-infra-legacy/trusty | * |
| C3p0 | Ubuntu | focal | * |
| C3p0 | Ubuntu | groovy | * |
| C3p0 | Ubuntu | hirsute | * |
| C3p0 | Ubuntu | impish | * |
| C3p0 | Ubuntu | jammy | * |
| C3p0 | Ubuntu | kinetic | * |
| C3p0 | Ubuntu | lunar | * |
| C3p0 | Ubuntu | mantic | * |
| C3p0 | Ubuntu | noble | * |
| C3p0 | Ubuntu | oracular | * |
| C3p0 | Ubuntu | trusty | * |
| C3p0 | Ubuntu | trusty/esm | * |
| C3p0 | Ubuntu | upstream | * |
| C3p0 | Ubuntu | xenial | * |