[Python-Dev] XML DoS vulnerabilities and exploits in Python (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Thu Feb 21 08:42:46 CET 2013

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 21 Feb 2013 02:29:08 -0500 Tres Seaver <tseaver at palladion.com> wrote:

Antoine, A single, small,, malicious XML file can kill a machine (not just the process parsing it) by sucking all available RAM. We are talking hard lockup, reboot-to-fix-it sorts of DOC here.

Sure, but in many instances, rebooting a machine is not business-threatening. You will have a couple of minutes' downtime and that's all. Which is why the attack must be repeated many times to be a major annoyance.

Regards

Antoine.

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list