Denial of Service Vulnerability in libxml2's xmlStringLenDecodeEntities Function

Denial of Service Vulnerability in libxml2's xmlStringLenDecodeEntities Function

CVE-2015-5312 · HIGH Severity

AV:N/AC:M/AU:N/C:N/I:N/A:C

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

Learn more about our Web Application Penetration Testing UK.