CVE-2009-2473

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Configurations

Configuration 1 (hide)

cpe:2.3:a:webdav:neon:0.28.6:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-08-21 17:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-2473

Mitre link : CVE-2009-2473

CVE.ORG link : CVE-2009-2473


JSON object : View

Products Affected

webdav

  • neon
CWE
CWE-399

Resource Management Errors