OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Re: [xml-dev] Malicious XML

[ Lists Home | Date Index | Thread Index ]


> Karl Waclawek wrote,
> > > Anyway, their example uses a really trivial internal subset to bring
> > > down a SOAP server. I wonder if there are more well known XML
> > > examples that can cause a parser to eat up all memory.
> > >
> > > Properly used, Expat is already equipped to handle such situations
> > > since it allows for a pluggable memory handler.
> >
> > Actually, I have to correct myself:
> >
> > In Expat, memory isn't eaten up, just lots of CPU cycles.
> > Same in MSXML4. So a custom memory handler won't work.
> 
> Any chance of some details of just what it is in the internal subset 
> which triggers this behaviour, and how?

According to James Clark it is a reasonably well known XML
vulnerability. I can e-mail you. I am not sure if I should
post it publicly - any comments on that?

Btw, I was able to modify this attack and turn it into
a memory hog as well as a CPU hog.

Karl




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS