oss-sec mailing list archives

CVE Request -- LuaExpat -- Prone to XML "billion laughs attack"

From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 06 Jun 2011 11:50:01 +0200

Hello, Josh, Steve, vendors,

  It was found that LuaExpat, a SAX XML parser based on the Expat
library, is prone to XML "billion laughs attack", as described in:

[1]http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html#N100F1


A remote attacker could provide a specially-crafted XML file, which
once opened in an application, linked against LuaExpat, could cause
that application to crash.

References:
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629225
[3] http://matthewwild.co.uk/projects/luaexpat/luaexpat-1.2.0.tar.gz
[4] https://bugzilla.redhat.com/show_bug.cgi?id=711027

Could you allocate a CVE id for this?

Thank you & Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Current thread:

CVE Request -- LuaExpat -- Prone to XML "billion laughs attack" Jan Lieskovsky (Jun 06)
- Re: CVE Request -- LuaExpat -- Prone to XML "billion laughs attack" Josh Bressers (Jun 06)