oss-sec mailing list archives

Re: CVE Request -- LuaExpat -- Prone to XML "billion laughs attack"

From: Josh Bressers <bressers () redhat com>
Date: Mon, 6 Jun 2011 14:20:57 -0400 (EDT)

----- Original Message -----

Hello, Josh, Steve, vendors,

It was found that LuaExpat, a SAX XML parser based on the Expat
library, is prone to XML "billion laughs attack", as described in:
[1]
http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html#N100F1

A remote attacker could provide a specially-crafted XML file, which
once opened in an application, linked against LuaExpat, could cause
that application to crash.

References:
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629225
[3] http://matthewwild.co.uk/projects/luaexpat/luaexpat-1.2.0.tar.gz
[4] https://bugzilla.redhat.com/show_bug.cgi?id=711027


Please use CVE-2011-2188 for this.

Thanks.

-- 
    JB

Current thread:

CVE Request -- LuaExpat -- Prone to XML "billion laughs attack" Jan Lieskovsky (Jun 06)
- Re: CVE Request -- LuaExpat -- Prone to XML "billion laughs attack" Josh Bressers (Jun 06)