cve-2014-3660
Vulnerability from cvelistv5
Published
2014-11-04 16:00
Modified
2024-08-06 10:50
Severity ?
Summary
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
References
secalert@redhat.comhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-1655.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-1885.html
secalert@redhat.comhttp://secunia.com/advisories/59903
secalert@redhat.comhttp://secunia.com/advisories/61965
secalert@redhat.comhttp://secunia.com/advisories/61966
secalert@redhat.comhttp://secunia.com/advisories/61991
secalert@redhat.comhttp://www.debian.org/security/2014/dsa-3057
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2014:244
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2014/10/17/7Patch
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
secalert@redhat.comhttp://www.securityfocus.com/bid/70644
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2389-1Vendor Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/attachment.cgi?id=944444&action=diff
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1149084
secalert@redhat.comhttps://support.apple.com/kb/HT205030Vendor Advisory
secalert@redhat.comhttps://support.apple.com/kb/HT205031Vendor Advisory
secalert@redhat.comhttps://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
af854a3a-2127-422b-91ae-364da2661108http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1655.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-1885.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/59903
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61965
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61966
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/61991
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2014/dsa-3057
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2014:244
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2014/10/17/7Patch
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/70644
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2389-1Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/attachment.cgi?id=944444&action=diff
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1149084
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT205030Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT205031Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:50:17.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "59903",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59903"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html"
          },
          {
            "name": "DSA-3057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3057"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205030"
          },
          {
            "name": "70644",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/70644"
          },
          {
            "name": "openSUSE-SU-2014:1330",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/attachment.cgi?id=944444\u0026action=diff"
          },
          {
            "name": "61966",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61966"
          },
          {
            "name": "61965",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61965"
          },
          {
            "name": "USN-2389-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2389-1"
          },
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "APPLE-SA-2015-08-13-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
          },
          {
            "name": "[oss-security] 20141017 libxml2 issue: billioun laughs variant (CVE-2014-3660)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/10/17/7"
          },
          {
            "name": "MDVSA-2014:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
          },
          {
            "name": "RHSA-2014:1655",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1655.html"
          },
          {
            "name": "RHSA-2014:1885",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1885.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149084"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
          },
          {
            "name": "61991",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/61991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "name": "openSUSE-SU-2015:2372",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the \"billion laughs\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "59903",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59903"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html"
        },
        {
          "name": "DSA-3057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3057"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT205030"
        },
        {
          "name": "70644",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/70644"
        },
        {
          "name": "openSUSE-SU-2014:1330",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/attachment.cgi?id=944444\u0026action=diff"
        },
        {
          "name": "61966",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61966"
        },
        {
          "name": "61965",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61965"
        },
        {
          "name": "USN-2389-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2389-1"
        },
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "name": "APPLE-SA-2015-08-13-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
        },
        {
          "name": "[oss-security] 20141017 libxml2 issue: billioun laughs variant (CVE-2014-3660)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/10/17/7"
        },
        {
          "name": "MDVSA-2014:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
        },
        {
          "name": "RHSA-2014:1655",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1655.html"
        },
        {
          "name": "RHSA-2014:1885",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1885.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149084"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
        },
        {
          "name": "61991",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/61991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "name": "openSUSE-SU-2015:2372",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT205031"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-3660",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the \"billion laughs\" attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "59903",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59903"
            },
            {
              "name": "https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html",
              "refsource": "MISC",
              "url": "https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html"
            },
            {
              "name": "DSA-3057",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3057"
            },
            {
              "name": "https://support.apple.com/kb/HT205030",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT205030"
            },
            {
              "name": "70644",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/70644"
            },
            {
              "name": "openSUSE-SU-2014:1330",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html"
            },
            {
              "name": "https://bugzilla.redhat.com/attachment.cgi?id=944444\u0026action=diff",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/attachment.cgi?id=944444\u0026action=diff"
            },
            {
              "name": "61966",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61966"
            },
            {
              "name": "61965",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61965"
            },
            {
              "name": "USN-2389-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2389-1"
            },
            {
              "name": "APPLE-SA-2015-08-13-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
            },
            {
              "name": "APPLE-SA-2015-08-13-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
            },
            {
              "name": "[oss-security] 20141017 libxml2 issue: billioun laughs variant (CVE-2014-3660)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/10/17/7"
            },
            {
              "name": "MDVSA-2014:244",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:244"
            },
            {
              "name": "RHSA-2014:1655",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1655.html"
            },
            {
              "name": "RHSA-2014:1885",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-1885.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1149084",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1149084"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
            },
            {
              "name": "61991",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/61991"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "https://support.apple.com/kb/HT205031",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT205031"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-3660",
    "datePublished": "2014-11-04T16:00:00",
    "dateReserved": "2014-05-14T00:00:00",
    "dateUpdated": "2024-08-06T10:50:17.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3660\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-11-04T16:55:06.043\",\"lastModified\":\"2024-11-21T02:08:35.850\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the \\\"billion laughs\\\" attack.\"},{\"lang\":\"es\",\"value\":\"parser.c en libxml2 anterior a 2.9.2 no previene debidamente la expansi\u00f3n de entidades incluso cuando la substituci\u00f3n de entidades haya sido deshabilitada, lo que permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de un documento XML manipualdo que contiene un n\u00famero grande de referencias de entidades anidadas, una variante del ataque del \u0027bill\u00f3n de risas\u0027.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.9.1\",\"matchCriteriaId\":\"18BCA403-8F0F-4564-BE7E-1DE10408B54B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"586C0FAB-E288-4EFB-8946-4535971F23F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15236DDC-0095-4253-9113-61F76EFC0769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F95AB1-D3D0-4E39-B135-4B55991845CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"392E4AA7-00D2-45B1-9FA7-C1C7C37431F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7839A86-59AA-400C-BF29-18E612B8EB4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F9A211A-5C44-4BDC-9676-3B7B937835B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BECA085A-BEF1-4AD2-ABBA-069CE2642796\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E66BF7BC-5B5C-40BB-B826-3CC9DBAB53D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F330D609-31EB-4B4C-B007-ACEABA557F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9E2F05B-B298-489C-9E44-62E0A199E148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"070B2F1F-9A99-4A20-9BA9-CF175D482DA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25DC5AE4-9DEA-4828-96F0-57BACB6C9B25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE26E6D-53FF-4001-8F25-C112635CB74E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1210A8D-5359-4FD4-963F-506200AA20AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA748E50-798F-40EA-B252-0A166DEEB120\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B9E7CC-D552-4C9A-909E-42D375452E09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06C20B5C-16E7-4C1B-A2DB-8EB4B9A7045D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7A901B3-B0F4-4D2B-8CAF-25938219B657\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12FCBA01-D739-4BA2-83F5-D41A6DF91F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFC8C43D-84C7-4C0C-8DD1-66206D665C35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E60C1B4-BBC1-4E2B-8323-A7E059EF6BEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B677850-4FE9-4522-ADAE-42C5D17D4A7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BB7931B-55AA-4735-8AAB-9F3A9E9C0123\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4A5B9AF-7F82-4EEC-A776-587C6DD44448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D33392-DD5C-4704-BECF-69D416F9F2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1BA896F-07D7-4B93-939B-B6CDD1DCA87C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"647CA5AD-5AC2-448E-8445-62837F413361\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37D4241B-A328-45F0-9FAB-CEE20DC7432E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAAD77C4-84EC-4924-90F8-35A2375AA6A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A124C5A-C72C-4623-925E-378FF40671EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ACD2FD4-E884-4FC5-842B-86AAE06D9E05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14A9036D-1474-4097-9E70-09F7BBA2826C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8884CF6-2F5B-465F-841B-3C69EC3BE3BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A699B966-3756-4D5B-8693-0678EEDD8AD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1E50FED-4BAD-4D04-98C3-C2427E086C1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70880522-BBC0-4D5C-8DA3-245E189FA1C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A8BA1A0-F8E7-4B93-B667-D012C91F831E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27662848-9CD5-43BC-9A1B-8C6EBACCCC21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C967E50C-E7AA-49D0-A055-20CA083CA232\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA398ACA-73C2-4093-AD35-E30161C96C25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"757B5A74-6B7B-4F01-9891-9F9E510074C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C10CC4C-3A9C-4AD0-A7C1-ACF781BF20D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E67FD94-4E96-4FCC-990B-4C0A5C599ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E7DDE27-9DE8-4E45-AFA2-AFFEA8F0D917\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92CEEDA7-5DFC-4DB0-989E-F356E5CF65A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25D60B58-3558-4244-A5B3-8D16F53A9588\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5DB409B-795F-4F8A-85E1-0B4E66AE9D48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"457C47ED-A429-42AE-9FF9-978D605BACFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C20B9D5-9E10-4B6D-8095-B2A63EDB8D16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9087E4FE-661F-4803-BB3B-09D2699265E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C2D01CF-9FCE-41F8-997E-EA9BDCCD8C76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84E1C7A6-DCA7-4760-B1B6-EFB256978CFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F1E7CFF-E4B3-4B31-BE23-C187544E9488\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81EDD077-5183-4588-8DB1-93A0597AAA34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"530FE28C-0D51-4BF9-AE43-D65F9913B48B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F030053E-2292-42E2-8435-0CFBDDE688DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0258377-DD8B-4FA6-B075-E8489C83CEAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69E0BD23-38C6-43C0-870F-00B13F7C91D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D3350E-5186-4DC8-9D1B-59068A469496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F76783D0-63F8-48A7-85FE-E5E8DBFA223D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52AE89B2-C1A3-48C8-AEB5-4B0D757AE361\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ACA170D-21DB-47CD-AD73-2DEB2A2439F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFC48A66-7D1F-4446-BC50-6C1A1DF819E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0A86D90-C64E-4850-8D6E-94D3C0789241\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06A50725-AC7A-4FDB-887A-3DCB369C943D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D463EC3C-88F1-46D9-ADB6-6283DC23B0B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43F8E361-E6D3-4666-B18D-928D550FD5D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6948CD9-8489-46BA-9159-24C842490702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C43087-760E-482A-B34E-141A29AC57A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"669211F7-90EA-47AB-A787-34DD79DF8E25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"025B16D8-1023-4D47-BADD-C1E838B47D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"320E691F-D417-4D81-A223-C46FEFFD908A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3B06B40-327D-4EFA-AD19-DA1CA7D50B4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB8BEC58-AB2A-4953-A2E8-338EB894A494\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABDE6C9A-4F24-42B4-8AA3-3EBC97190322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44FB2813-BE9F-46A8-864B-435D883CA0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9DF1336-F831-4507-B45E-574BDE8AA8BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33268B2F-3591-48D9-B123-92E3ABF157F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0830367A-9FB3-4291-88C0-38A471DFD22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5815E25-5305-4A32-81B3-89DB1D5C1AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98CF3A74-B9F8-4689-B81C-F579D827DA5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DBD9C7D-CD0B-4B5B-BEC2-F67610DEDE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798F7A01-F006-4589-82F8-943F81015693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A1C90C5-1B77-4BE5-ACDA-1F15D3F2A000\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36940C55-BFD4-4C77-A26B-C0F273EAC2EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ECB753E-430C-4DBD-9063-506E749A21CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EBD3E93-1624-4B1D-8F9A-5683ADA4983E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"551B91B8-7A5A-4E5D-AAED-76705F8A2829\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8135B1-FB22-4755-A5ED-CDB16E3E85A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B4685BF-394A-4426-980A-2B1D37737C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77A68008-7392-4BE4-AB30-24D2BA124E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63F37BF5-D4D2-43AB-841A-E9AC32A68452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB8A074B-069A-4520-8E3C-AB614C31B68A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D77DE5FD-060A-4AD6-A925-4E9EF186C835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7069A49C-038C-4E7B-AF03-4D90D5734414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87E895B9-5AF7-4A1F-B740-B3E13DE3254E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FD29EFD-1ADB-4349-8E7D-EA6B34B0F6DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC720A50-9EF5-4B73-86D1-AE87D402611E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"464942E8-EDF3-4ECB-B907-FFCDBC9079C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1246C0E-DCAC-405E-ADCE-3D16D659C567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5703D8EC-259B-49C3-AADE-916227DEB96F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184B40E3-28FD-49A4-9560-5E26293D7D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CCE8BBA-6721-4257-9F2E-23AEB104564E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF2A3107-5F12-407E-9009-7F42B09299E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8928F415-C124-4B4A-9D59-40AC6845AFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"955673D9-2912-48A2-93C9-10430290A4AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"268661C2-7A45-4743-8A09-48B3EE21212E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.10.4\",\"matchCriteriaId\":\"7883E465-932D-4C11-AA54-97E44181F906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"5D37DF0F-F863-45AC-853A-3E04F9FEC7CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3\"}]}]}],\"references\":[{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1655.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1885.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/59903\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61965\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61966\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/61991\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2014/dsa-3057\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:244\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/10/17/7\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/70644\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2389-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=944444\u0026action=diff\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1149084\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/kb/HT205030\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1655.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-1885.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/59903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/61965\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/61966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/61991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2014/dsa-3057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2014:244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2014/10/17/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/70644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2389-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/attachment.cgi?id=944444\u0026action=diff\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1149084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT205030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"\u003ca href=\\\"http://cwe.mitre.org/data/definitions/611.html\\\" target=\\\"_blank\\\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.