Home > Vulnerability Database > CVE-2013-0338

Mend.io Vulnerability Database

CVE-2013-0338

Date: April 25, 2013

libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.

Language: C

Severity Score

3.7

Related Resources (17)

Url: https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2013:056

Url: http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html

Url: http://www.ubuntu.com/usn/USN-1782-1

Url: http://secunia.com/advisories/52662

Url: http://marc.info/?l=bugtraq&m=142798889927587&w=2

Url: https://access.redhat.com/security/cve/CVE-2013-0338

Url: http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

Url: http://www.debian.org/security/2013/dsa-2652

Url: http://secunia.com/advisories/55568

Url: https://bugzilla.redhat.com/show_bug.cgi?id=912400

Url: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Url: https://security-tracker.debian.org/tracker/CVE-2013-0338

Url: https://nvd.nist.gov/vuln/detail/CVE-2013-0338

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0338

Url: http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html

Url: https://www.mend.io/vulnerability-database/CVE-2013-0338

Severity Score

3.7

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2013-0338

Date: April 25, 2013

Language: C

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?