FreeBSD : libxml2 -- entity substitution DoS (efdd0edc-da3d-11e3-9ecb-2c4138874f7d)
Medium Nessus Plugin ID 73975
The remote FreeBSD host is missing one or more security-related updates.
Stefan Cornelius reports: It was discovered that libxml2, a library providing support to read, modify and write XML files, incorrectly performs entity substitution in the doctype prolog, even if the application using libxml2 disabled any entity substitution. A remote attacker could provide a specially crafted XML file that, when processed, would lead to the exhaustion of CPU and memory resources or file descriptors. This issue was discovered by Daniel Berrange of Red Hat.
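Because the report says the parser-level "no entity substitution" setting is not honoured in the doctype prolog, a host that has not yet been updated cannot rely on that setting alone. The following is an added example, not code from the advisory, Nessus or libxml2: an interim pre-screen that refuses any untrusted document carrying a DOCTYPE before it is handed to libxml2. It assumes the application has no need for DTDs in untrusted input; `screen_xml` and the sample documents are hypothetical names and constructed data.

```python
import xml.parsers.expat


class DoctypeForbidden(ValueError):
    """Raised by the handler below when a DOCTYPE declaration is seen."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Called by expat when it reaches a DOCTYPE declaration, i.e. before any
    # entity declared in the prolog is parsed or referenced.
    kind = "internal subset" if has_internal_subset else "no internal subset"
    raise DoctypeForbidden(f"DOCTYPE {name!r} ({kind}) refused")


def screen_xml(data: bytes):
    """Return (accepted, reason) for an untrusted XML document.

    Accepts only well-formed documents that contain no DOCTYPE at all, so
    nothing with a doctype prolog reaches the downstream libxml2 parser.
    """
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    try:
        parser.Parse(data, True)
    except DoctypeForbidden as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"not well-formed: {exc}"
    return True, "ok"


# Constructed sample documents (benign, for illustration only).
PLAIN = b'<?xml version="1.0"?><config><item>1</item></config>'
WITH_SUBSET = b'<?xml version="1.0"?><!DOCTYPE config [<!ENTITY e "x">]><config>&e;</config>'
EXTERNAL_DTD = b'<!DOCTYPE config SYSTEM "config.dtd"><config/>'
MALFORMED = b'<config><item></config>'

if __name__ == "__main__":
    samples = [("plain", PLAIN), ("with_subset", WITH_SUBSET),
               ("external_dtd", EXTERNAL_DTD), ("malformed", MALFORMED)]
    for label, doc in samples:
        print(label, screen_xml(doc))
```

A pre-screen like this only narrows exposure; the remedy the plugin points to is installing the missing FreeBSD update.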