Hi,

I am currently using Perl 5.6.1 in my application. I am using the XML::Parser (version 2.30) module to parse the XML input. This module is vulnerable to an attack called the Billions of laughs attack, which increases the CPU usage and hence leads to Denial of Service.

Is there any later version of XML::Parser where this vulnerability is addressed? (I did not find it on CPAN.)

I thought of replacing the XML::Parser module with the XML::LibXML::Parser module to address this vulnerability, as LibXML 2.0100 has the fix. I installed that module manually, but I am getting dependency issues while executing the script. I am not sure if LibXML version 2.0100 is compatible with Perl 5.6.1.

Can anyone advise on this?

Thanks and regards,
Nagalakshmi
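
One way to keep entity expansion from ever starting with XML::Parser itself, as an added example that is not part of the original post: register an `Entity` declaration handler that aborts the parse as soon as the DTD declares any entity. It assumes the application's legitimate input never needs DTD-declared entities; `parse_without_entities` is a hypothetical helper name and both sample documents are constructed.

```perl
use strict;
use warnings;
use XML::Parser;

# Hypothetical helper: parse $xml, but refuse any document whose DTD
# declares an entity. Declarations are reported before the document
# body is read, so no entity reference is expanded before the abort.
sub parse_without_entities {
    my ($xml) = @_;
    my $parser = XML::Parser->new(
        Handlers => {
            # Called once per <!ENTITY ...> declaration in the DTD.
            Entity => sub {
                my ($expat, $name) = @_;
                die "entity declaration '$name' rejected\n";
            },
        },
    );
    # die() inside a handler propagates out of parse(); trap it here.
    my $ok = eval { $parser->parse($xml); 1 };
    return $ok ? (1, '') : (0, $@);
}

# Constructed sample input: a harmless document and a small document
# that uses nested entity declarations.
my $plain = '<r>hello</r>';
my $with_dtd = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE r [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;">
]>
<r>&b;</r>
XML

for my $doc ($plain, $with_dtd) {
    my ($ok, $err) = parse_without_entities($doc);
    print $ok ? "accepted\n" : "rejected: $err";
}
```

The five predefined entities (`&amp;`, `&lt;`, `&gt;`, `&quot;`, `&apos;`) and numeric character references are not declared in a DTD, so documents that use only those still parse.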

