FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5fa90ee6-bc9e-11eb-a287-e0d55e2a8bf9texproc/expat2 -- billion laugh attack

Kurt Seifried reports:

So here are the CVE's for the two big ones, libxml2 and expat. Both are affected by the expansion of internal entities (which can be used to consume resources) and external entities (which can cause a denial of service against other services, be used to port scan, etc.).

A billion laughs attack is a type of denial-of-service attack which is aimed at parsers of XML documents.


Discovery 2013-02-21
Entry 2021-05-24
expat
lt 2.4.1

CVE-2013-0340
https://www.openwall.com/lists/oss-security/2013/02/22/3
https://blog.hartwork.org/posts/cve-2013-0340-billion-laughs-fixed-in-expat-2-4-0/
https://nvd.nist.gov/vuln/detail/CVE-2013-0340