Unrated severityNVD Advisory· Published May 12, 2015· Updated Jun 17, 2026
CVE-2015-3451
CVE-2015-3451
Description
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16cpe:2.3:a:xml-libxml_project:xml-libxml:*:*:*:*:*:perl:*:*+ 1 more
- cpe:2.3:a:xml-libxml_project:xml-libxml:*:*:*:*:*:perl:*:*range: <=2.0118
- (no CPE)range: < 2.0119
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- osv-coords4 versionspkg:rpm/opensuse/perl-XML-LibXML&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
< 2.0128-1.3+ 3 more
- (no CPE)range: < 2.0128-1.3
- (no CPE)range: < 2.0019-5.3
- (no CPE)range: < 2.0019-5.3
- (no CPE)range: < 2.0019-5.3
Patches
Vulnerability mechanics
References
12- advisories.mageia.org/MGASA-2015-0199.htmlnvdThird Party Advisory
- cpansearch.perl.org/src/SHLOMIF/XML-LibXML-2.0119/ChangesnvdRelease NotesThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-May/157448.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2015-May/157740.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2015-09/msg00006.htmlnvdThird Party Advisory
- www.debian.org/security/2015/dsa-3243nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2015/04/25/2nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2015/04/30/1nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/74333nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2592-1nvdThird Party Advisory
- bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/nvdVendor Advisory
- www.mandriva.com/security/advisoriesnvdBroken Link
News mentions
0No linked articles in our index yet.