CVE-2009-2473 – Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service

https://notcve.org/view.php?id=CVE-2009-2473

21 Aug 2009 — neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. neon, en versiones anteriores a la 0.28.6, cuando se usa expat, no detecta adecuadamente la recursividad en la expansión de una entidad, esto permite a atacantes dependientes del contexto provocar ... • https://www.exploit-db.com/exploits/10206 • CWE-399: Resource Management Errors •