2003-12-31 06:00:00 2008-10-24 06:30:02

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE
OpenStack Keystone 2013.1.1 OpenStack Grizzly 2013.1.4 OpenStack Havana 2013.2.1 OpenStack Havana Havana-2 OpenStack Havana Havana-1 OpenStack Keystone 2013.2.2 OpenStack Heat 2014.1 OpenStack Image Registry and Delivery Service (Glance) 2014.1.3 OpenStack Heat 2013.2.2 OpenStack Heat 2013.2.3 OpenStack Heat 2013.2 OpenStack Image Registry and Delivery Service (Glance) 2014.1.1 OpenStack Heat 2013.2.1 OpenStack Image Registry and Delivery Service (Glance) 2014.1.2 OpenStack OpenStack Dashboard (Horizon) 2013.1 OpenStack Image Registry and Delivery Service (Glance) 2014.1.4 OpenStack OpenStack Dashboard (Horizon) 2013.2 Openstack Juno 2014.2.2 OpenStack Keystone 2013.1.2 OpenStack Keystone 2013 OpenStack OpenStack Dashboard (Horizon) 2012.1 OpenStack Keystone (Grizzly) 2013.1 OpenStack OpenStack Dashboard (Horizon) 2013.2.4 OpenStack OpenStack Dashboard (Horizon) 2014.2.2 OpenStack OpenStack Dashboard (Horizon) 2014.1 OpenStack OpenStack Dashboard (Horizon) 2014.2.1 OpenStack Grizzly 2013.1.1 OpenStack OpenStack Dashboard (Horizon) 2014.1.1 OpenStack OpenStack Dashboard (Horizon) 2014.2.3 OpenStack OpenStack Dashboard (Horizon) 2014.2.0 OpenStack OpenStack Dashboard (Horizon) 2013.2.3 OpenStack OpenStack Dashboard (Horizon) 2014.1.2 OpenStack OpenStack Dashboard (Horizon) 2013.2.1 OpenStack Keystone 2013.2 OpenStack Keystone 2013.2.1 OpenStack Keystone 2013.1.3 OpenStack OpenStack Dashboard (Horizon) 2012.2 OpenStack Keystone 2013.1.4 OpenStack Havana Havana-3 OpenStack Grizzly 2013.1.2 OpenStack Keystone 2012.2.3 OpenStack Keystone 2012.2.4 OpenStack Keystone 2012.2.1 OpenStack Grizzly 2013.1.3 OpenStack Keystone 2012.2.2 OpenStack Keystone 2012.1.3 OpenStack Keystone 2012.2 OpenStack Keystone 2012.1.1 OpenStack Keystone 2012.1.2 Openstack Juno 2014.2.3 OpenStack Keystone 2012.1 OpenStack Grizzly 2013.1 OpenStack Folsom 2012.2.3 OpenStack Folsom 2012.2.4 OpenStack OpenStack Dashboard (Horizon) 2013.2.2 OpenStack OpenStack Dashboard (Horizon) folsom-3 OpenStack OpenStack Dashboard (Horizon) folsom-1 Openstack Juno 2014.2 OpenStack Image Registry and Delivery Service (Glance) 2013.2.4 OpenStack Image Registry and Delivery Service (Glance) juno-3 OpenStack Image Registry and Delivery Service (Glance) 2013.2.3 OpenStack Image Registry and Delivery Service (Glance) 2014.2.2 OpenStack OpenStack Dashboard (Horizon) juno-2 OpenStack Image Registry and Delivery Service (Glance) 2014.1 OpenStack Image Registry and Delivery Service (Glance) juno-2 OpenStack Image Registry and Delivery Service (Glance) 2013.2 OpenStack Image Registry and Delivery Service (Glance) 2013.2.2 OpenStack Image Registry and Delivery Service (Glance) 2014.2.1 OpenStack OpenStack Dashboard (Horizon) juno-1 OpenStack Image Registry and Delivery Service (Glance) 2014.2 release candidate 1 OpenStack icehouse 2014.1.4 OpenStack Image Registry and Delivery Service (Glance) juno-1 OpenStack Image Registry and Delivery Service (Glance) OpenStack Image Registry and Delivery Service (Glance) 2013.2.1 OpenStack Image Registry and Delivery Service (Glance) 2014.2 release candidate 3 OpenStack OpenStack Dashboard (Horizon) juno-3 OpenStack Image Registry and Delivery Service (Glance) 2014.2 OpenStack icehouse OpenStack Image Registry and Delivery Service (Glance) 2014.2 release candidate 2 Openstack Glance 2015.1.1