{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-02-21T00:00:00.000Z","descriptions":[{"lang":"en","value":"libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue.  NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2014-01-21T17:57:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"52662","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/52662"},{"name":"SUSE-SU-2013:1627","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"},{"name":"[oss-security] 20130221 CVE Guidance for Libraries and Resource-Consumption DoS","tags":["mailing-list","x_refsource_MLIST"],"url":"http://openwall.com/lists/oss-security/2013/02/21/24"},{"name":"[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion","tags":["mailing-list","x_refsource_MLIST"],"url":"http://openwall.com/lists/oss-security/2013/02/22/3"},{"name":"[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue","tags":["mailing-list","x_refsource_MLIST"],"url":"http://seclists.org/oss-sec/2013/q4/188"},{"name":"[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue","tags":["mailing-list","x_refsource_MLIST"],"url":"http://seclists.org/oss-sec/2013/q4/184"},{"name":"[oss-security] 20131028 Re: CVE Request: libxml2 external parsed entities issue","tags":["mailing-list","x_refsource_MLIST"],"url":"http://seclists.org/oss-sec/2013/q4/182"},{"name":"USN-1904-2","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1904-2"},{"name":"USN-1904-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-1904-1"},{"name":"DSA-2652","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2013/dsa-2652"},{"tags":["x_refsource_MISC"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=915149"},{"name":"54172","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/54172"},{"name":"55568","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/55568"},{"tags":["x_refsource_MISC"],"url":"https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f"},{"name":"[oss-security] 20130412 Re-evaluating expat/libxml2 CVE assignments","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2013/04/12/6"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T14:25:09.789Z"},"title":"CVE Program Container","references":[{"name":"52662","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/52662"},{"name":"SUSE-SU-2013:1627","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"},{"name":"[oss-security] 20130221 CVE Guidance for Libraries and Resource-Consumption DoS","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://openwall.com/lists/oss-security/2013/02/21/24"},{"name":"[oss-security] 20130221 CVEs for libxml2 and expat internal and external XML entity expansion","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://openwall.com/lists/oss-security/2013/02/22/3"},{"name":"[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://seclists.org/oss-sec/2013/q4/188"},{"name":"[oss-security] 20131029 Re: CVE Request: libxml2 external parsed entities issue","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://seclists.org/oss-sec/2013/q4/184"},{"name":"[oss-security] 20131028 Re: CVE Request: libxml2 external parsed entities issue","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://seclists.org/oss-sec/2013/q4/182"},{"name":"USN-1904-2","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1904-2"},{"name":"USN-1904-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-1904-1"},{"name":"DSA-2652","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2013/dsa-2652"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=915149"},{"name":"54172","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/54172"},{"name":"55568","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/55568"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f"},{"name":"[oss-security] 20130412 Re-evaluating expat/libxml2 CVE assignments","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2013/04/12/6"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-0339","datePublished":"2014-01-21T18:00:00.000Z","dateReserved":"2012-12-06T00:00:00.000Z","dateUpdated":"2024-08-06T14:25:09.789Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}