Open Source libxml2 reported in May 2014 X-Force Report
CVEID:CVE-2014-0191
DESCRIPTION:
Libxml2 is vulnerable to a denial of service, caused by the expansion of internal entities within the xmlParserHandlePEReference() function. A remote attacker could exploit this vulnerability using a specially-crafted XML document containing malicious attributes to consume all available CPU resources. The IBM Netezza Analytics product prior to 3.2.0.0 uses the affected version of libxml.
CVSS Base Score: 5.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93092 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM Netezza Analytics 3.1.x and earlier
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Netezza Analytics| 3.2.0.0|
| http://www-933.ibm.com/support/fixcentral
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm puredata system | eq | 1.0.0 |