Tech

Major security holes in popular XML libraries

A security research outfit has issued a warning for several critical vulnerabilities in popular XML libraries used by a wide range of software vendors.The flaws, discovered earlier this year by Codenomicon, affect a wide range of technology products, including servers and server applications, workstations and end user applications, network devices, embedded systems and mobile devices.

Written by Ryan Naraine, Contributor Aug. 6, 2009 at 12:26 a.m. PT

A security research outfit has issued a warning for several critical vulnerabilities in popular XML libraries used by a wide range of software vendors.

The flaws, discovered earlier this year by Codenomicon, affect a wide range of technology products, including servers and server applications, workstations and end user applications, network devices, embedded systems and mobile devices. Vendors affected include Sun Microsystems, the Apache Software Foundation and Python.

Here's the skinny from Finland's Computer Emergency Response Team (CERT-FI):

The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content.

The vulnerabilities can be triggered remotely and, in some cases (Python), remain unpatched.

* Image source: http://www.ibridge.be.

Editorial standards

Show Comments

The Apple Watch Ultra 2 with an Atlantic Blue Nomad Rugged Band.

Major security holes in popular XML libraries

Related

6 reasons to buy an Apple Watch, according to a wearables expert

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

The best AI image generators to try right now