The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/73496http://www-01.ibm.com/support/docview.wss?uid=swg21588098https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837
