The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Extended description
If the DTD contains a large number of nested or recursive entities, this can lead to explosive growth of data when parsed, causing a denial of service.
Best practices to prevent this CWE
Phase: Operation
If possible, prohibit the use of DTDs or use an XML parser that limits the expansion of recursive DTD entities.
Phase: Implementation
Before parsing XML files with associated DTDs, scan for recursive entity declarations and do not continue parsing potentially explosive content.