xml dos

About this tag
The xml dos tag on WindowsForum.com covers discussions about denial-of-service vulnerabilities in XML parsers, particularly the Expat library (libexpat). A notable thread details CVE-2025-66382, where a crafted 2 MB XML file can cause excessive CPU time in Expat versions up to 2.7.3, leading to an algorithmic-complexity DoS. This affects any application parsing untrusted XML with the vulnerable library. The tag is relevant for IT professionals and developers concerned with XML security, patch management, and mitigating DoS risks in Windows and cross-platform environments.
  1. CVE-2025-66382 Expat DoS: 2MB Crafted XML Triggers Long Parse Times

    A recently disclosed weakness in the Expat XML parser (libexpat) — tracked as CVE-2025-66382 — can be triggered by a specially crafted XML file of roughly 2 MiB and causes dozens of seconds of CPU time in vulnerable library versions up through Expat 2.7.3, creating an algorithmic-complexity...