
Cisco Bug: CSCur44055 - LibXml: Crafted XML File Remote Denial of Service Vulnerability

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Virtualization Experience Client 6000 Series

Known Affected Releases


Description (partial)

Cisco Virtualization Experience Client 6000 Series includes a version of libxml2 that is affected by the
vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:

CVE-2014-3660: parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity
substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU
consumption) via a crafted XML document containing a large number of nested entity references, a variant of
the "billion laughs" attack.

This bug was opened to address the potential impact on this product.

Running version of the software prior to the Known Fixed Releases