VDB

CVE-2019-5427

CVE-2019-5427 PUBLISHED

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

EPSS 5.65% · 90.5th percentile

Risk Scores

EPSS Score
5.65%
90.5th percentile

Affected Products

VendorProductVersions
Ubuntu:24.04:LTSc3p00
Ubuntu:22.04:LTSc3p00, 0.9.1.2-10
Ubuntu:Pro:16.04:LTSc3p00.9.1.2-9, 0, 0.9.1.2-9+deb8u1build0.16.04.1
Ubuntu:Pro:14.04:LTSc3p00, 0.9.1.2-9, 0.9.1.2-7
Ubuntu:20.04:LTSc3p00.9.1.2-10, 0
Ubuntu:18.04:LTSc3p00, 0.9.1.2-9, 0.9.1.2-9+deb8u1build0.18.04.1

Exploit Intelligence

…and 19 more exploits

Timeline

  • CVE Published
  • Apr 16, 2019 PoC Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 15, 2024 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 22, 2025 EPSS Score
  • Mar 26, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›