Fluid Attacks Database

Description

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libxml-libxml-perl	>=0 <2.0116+dfsg-2	2.0116+dfsg-2
debian 12	libxml-libxml-perl	>=0 <2.0116+dfsg-2	2.0116+dfsg-2
debian 13	libxml-libxml-perl	>=0 <2.0116+dfsg-2	2.0116+dfsg-2
debian 11	libxml-libxml-perl	>=0 <2.0116+dfsg-2	2.0116+dfsg-2
rpm rhel7	perl-XML-LibXML	-	-
rpm rhel5	perl-XML-LibXML	-	-
rpm rhel6	perl-XML-LibXML	-	-

Aliases

1. CVE-2015-34512. NVD-2015-34513. OSV-DEBIAN-2015-34514. OSV-2015-34515. SECURITY-TRACKER-CVE-2015-3451

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.