CVE-2015-3451
Description
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.979
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Perl interface to the libxml2 library (USN-2592-1) libxml-libxml-perl_1.89+dfsg-1ubuntu0.1_i386.deb | Linux |
| Perl interface to the libxml2 library (USN-2592-1) libxml-libxml-perl_1.89+dfsg-1ubuntu0.1_amd64.deb | Linux |
| Perl interface to the libxml2 library (USN-2592-1) libxml-libxml-perl_2.0108+dfsg-1ubuntu0.1_i386.deb | Linux |
| Perl interface to the libxml2 library (USN-2592-1) libxml-libxml-perl_2.0108+dfsg-1ubuntu0.1_amd64.deb | Linux |
| Perl interface to the libxml2 library (USN-2592-1) libxml-libxml-perl_2.0116+dfsg-1ubuntu0.15.04.1_i386.deb | Linux |
| Perl interface to the libxml2 library (USN-2592-1) libxml-libxml-perl_2.0116+dfsg-1ubuntu0.15.04.1_amd64.deb | Linux |
| libxml-libxml-perl security update(DSA-3243-1) libxml-libxml-perl_2.0001+dfsg-1+deb7u1_i386.deb | Linux |
| libxml-libxml-perl security update(DSA-3243-1) libxml-libxml-perl_2.0116+dfsg-1+deb8u1_i386.deb | Linux |
| libxml-libxml-perl security update(DSA-3243-1) libxml-libxml-perl_2.0116+dfsg-1+deb8u1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234