Patch for security issue CVE-2021-3541 (8598060b) · Commits · GNOME / libxml2 · GitLab

Commit 8598060b authored May 13, 2021 by

Daniel Veillard

Patch for security issue CVE-2021-3541

This is relapted to parameter entities expansion and following
the line of the billion laugh attack. Somehow in that path the
counting of parameters was missed and the normal algorithm based
on entities "density" was useless.

parent bfd2f430

Pipeline #282584 passed with stage

in 12 minutes and 22 seconds

Hide whitespace changes

Inline Side-by-side

Lee @PeterAlfredLee · May 15, 2021

Hi @veillard and dear libxml2 maintainers,

Do we get a test case to reproduce this CVE now?

I'm affected by this CVE and I want to confirm the problem.

BTW it's strange this CVE could not be found in NVD. I think it's because the cve is still a private now. Is it? :)

Thank you for your hard work.

Hi @veillard and dear libxml2 maintainers, Do we get a test case to reproduce this CVE now? I'm affected by this CVE and I want to confirm the problem. BTW it's strange this CVE could not be found in NVD. I think it's because the cve is still a private now. Is it? :) Thank you for your hard work.

Please register or to comment