CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')


The software uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities. If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.  If parsed, recursive entity references allow the attacker to expand data exponentially, quickly consuming all system resources. The weakness is introduced during Implementation, Operation stages.

Latest vulnerabilities for CWE-776


Description of CWE-776 on Mitre website