Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2003-1564

Disclosure Date: December 31, 2003
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the “billion laughs attack.”

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Technical Analysis