{"id":"CVE-2014-3243","details":"SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing a large number of nested entity references.","aliases":["GHSA-2gh8-gr6x-7q26"],"modified":"2024-04-22T22:57:18.321597Z","published":"2014-05-12T14:55:07Z","withdrawn":"2024-06-30T13:40:11.229915Z","references":[{"type":"EVIDENCE","url":"http://www.pnigos.com/?p=260"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2014/May/20"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/05/06/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/05/06/9"},{"type":"WEB","url":"http://www.securityfocus.com/bid/67216"}],"affected":[{"package":{"name":"python-soappy","ecosystem":"Debian:10","purl":"pkg:deb/debian/python-soappy?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12.22-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-3243.json"}}],"schema_version":"1.7.3"}