Billion laughs
In computer security, a billion laughs attack is a type of denial-of-service (DoS) attack which is aimed at parsers of XML documents.
It's also referred to as an XML bomb or as an exponential entity expansion attack.

The example attack consists of defining 10 elements, each defined as consisting of 10 of the previous element, with the document consisting of a single instance of the largest element, which expands to 1 billion copies of the first element. In the most frequently cited example, the first element is the string "lol", hence the name "billion laughs". The amount of memory used would likely exceed that available to the process parsing the XML (it certainly would have at the time the vulnerability was first reported).

While the original form of the attack was aimed specifically at XML parsers, the term may be applicable to similar subjects as well.

The problem was first reported as early as 2003, but began to be widely addressed in 2008.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.