Skip to content
GitLab
Commit 78831e7a authored by Daniel Veillard's avatar Daniel Veillard Committed by Michael Brüning
Browse files

[Backport] CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses... 

[Backport] CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms

Manual backport of patch originally committed at
https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e

:
Patch for security issue CVE-2021-3541

This is relapted to parameter entities expansion and following
the line of the billion laugh attack. Somehow in that path the
counting of parameters was missed and the normal algorithm based
on entities "density" was useless.

Change-Id: I81d1ab274ae80a9e0e0890dada92d3f09584e4e7
Reviewed-by: default avatarAllan Sandfeld Jensen <allan.jensen@qt.io>
parent 655e5c95
69-based
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 26 additions and 0 deletions
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment