CVE-2013-2566 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-2566 PUBLISHED

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

EPSS 90.83% · 99.6th percentile

Risk Scores

EPSS Score

90.83%

99.6th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Mar 12, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 1, 2024 PoC Published
Jul 17, 2024 PoC Published
Mar 17, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Apr 4, 2025 EPSS Score
May 1, 2025 EPSS Score
May 4, 2025 EPSS Score
Jun 1, 2025 EPSS Score
Jun 4, 2025 EPSS Score

References

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11176&cat=SIRT_1&actp=LIST advisory
APPLE-SA-2013-10-22-8 vendor-advisory
SUSE-SU-2013:1627 vendor-advisory
RHSA-2012:0324 vendor-advisory
[oss-security] 20120222 libxml2: hash table collisions CPU usage DoS mailing-list
RHSA-2013:0217 vendor-advisory
http://support.apple.com/kb/HT6001 url
http://xmlsoft.org/news.html url
1026723 vdb
54886 third-party-advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html url
http://support.apple.com/kb/HT5934 url
DSA-2417 vendor-advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846 url
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of url
55568 third-party-advisory
52107 vdb
MDVSA-2013:150 vendor-advisory
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a url
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf url

…and 17 more

Open in Interactive Console →