Patch for security issue CVE-2021-3541
This is related to parameter entities expansion and following the line of the billion laugh attack. Somehow in that path the counting of parameters was missed and the normal algorithm based on entities "density" was useless.
-
Hi @veillard and dear libxml2 maintainers,
Do we get a test case to reproduce this CVE now?
I'm affected by this CVE and I want to confirm the problem.
BTW it's strange this CVE could not be found in NVD. I think it's because the CVE is still private now. Is it? :)
Thank you for your hard work.