14 Mar '13, 2pm

Entity expansion DoS vulnerability in REXML (XML bomb, CVE-2013-1821)

Unrestricted entity expansion can lead to a DoS vulnerability in REXML. This vulnerability has been assigned the CVE identifier CVE-2013-1821. We strongly recommend upgrading Ruby.

Details

When reading text nodes from an XML document, the REXML parser can be coerced into allocating extremely large string objects, which can consume all of the memory on a machine, causing a denial of service. Impacted code will look something like this:

    document = REXML::Document.new some_xml_doc
    document.root.text

When the `text` method is called, entities will be expanded. An attacker can send a relatively small XML document that, when the entities are resolved, will consume extreme amounts of memory on the target system. Note that this attack is similar to, but different from, the Billion Laughs attack. This is also related to CVE-2013-1664 of Python. All users running an affected release...
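The following is an added example, not code from the advisory or from REXML itself. It constructs a small document in the pattern described above (nested general entities whose single text node expands to 100,000 bytes from roughly 1.2 KB of input) and reads it through `REXML::Document#text` under an explicit expansion budget. It assumes a REXML that exposes the `entity_expansion_text_limit` setting introduced by the fix: on `REXML::Document` in the patched 1.9.3/2.0 releases, on `REXML::Security` in current REXML, with a default of 10240 bytes. Raising the limit far above the payload reproduces the pre-fix behaviour (the full string is materialised); the default rejects it.

```ruby
require 'rexml/document'

# Constructed benign document: one small entity, nothing to worry about.
BENIGN = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE note [ <!ENTITY who "REXML"> ]>
  <note>hello &who;</note>
XML

# Constructed "XML bomb" in the CVE-2013-1821 shape: a ~1.2 KB document whose
# single text node expands to 100,000 bytes (10 * 10 * 1000 'x' characters).
# Scale the multipliers up and the same shape exhausts memory on a REXML that
# has no expansion limit.
BOMB = <<~XML
  <?xml version="1.0"?>
  <!DOCTYPE bomb [
    <!ENTITY a "#{'x' * 1000}">
    <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
    <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
  ]>
  <bomb>&c;</bomb>
XML

# The limit accessor lives on REXML::Security in current REXML and on
# REXML::Document in the original fixed releases; use whichever exists.
def expansion_limit_owner
  defined?(REXML::Security) ? REXML::Security : REXML::Document
end

# Parse +xml+ and read the root element's text under a given expansion budget
# (bytes). In the releases the advisory covers, parsing is cheap and the
# expansion (and therefore the memory blow-up) happens when #text is called.
# Returns [:ok, expanded_bytes] or [:rejected, message]; the global limit is
# restored on every path so the helper does not leak state into the process.
def read_root_text(xml, text_limit: 10_240)
  owner = expansion_limit_owner
  saved = owner.entity_expansion_text_limit
  owner.entity_expansion_text_limit = text_limit
  doc = REXML::Document.new(xml)
  [:ok, doc.root.text.bytesize]
rescue RuntimeError => e
  # REXML raises a plain RuntimeError ("entity expansion has grown too large")
  # once the expanded text exceeds the limit; ParseException is a subclass.
  [:rejected, e.message]
ensure
  owner.entity_expansion_text_limit = saved if saved
end

if __FILE__ == $PROGRAM_NAME
  p read_root_text(BENIGN)                       # small entity, expands fine
  p read_root_text(BOMB)                         # rejected at the default limit
  p read_root_text(BOMB, text_limit: 1_000_000)  # pre-fix behaviour: 100,000 bytes built
end
```

The budget is per text node, so a document with many moderately sized nodes is still bounded by the entity expansion count limit (`entity_expansion_limit`, the Billion Laughs guard) rather than by this setting; the two work together.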

Full article: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-201...
