UBUNTU-CVE-2015-3451

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2015-3451

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-3451.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2015-3451

Related

Published

2015-05-01T00:00:00Z

Modified

2025-01-13T10:21:09Z

Summary

[none]

Details

The clone function in XML::LibXML before 2.0119 does not properly set the expandentities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

References

Affected packages

Ubuntu:14.04:LTS / libxml-libxml-perl

Package

Name: libxml-libxml-perl
Purl: pkg:deb/ubuntu/libxml-libxml-perl@2.0108+dfsg-1ubuntu0.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0108+dfsg-1ubuntu0.1

Affected versions

2.*

2.0010+dfsg-1

2.0106+dfsg-1

2.0107+dfsg-1

2.0108+dfsg-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.0108+dfsg-1ubuntu0.1",
            "binary_name": "libxml-libxml-perl"
        }
    ]
}