A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service.
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libxml2 | Xmlsoft | * | 2.9.11 (excluding) |