CVE-2026-44020
Status: Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: GitHub, Inc.

Description
Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString() without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could read arbitrary files from the server filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial of service through entity expansion (Billion Laughs attack). The vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x. This vulnerability is fixed in 2.74.0.
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-25
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
docling docling From 2.13.0 (inc) to 2.74.0 (exc)
docling ice 4.x
docling grant 2.5
docling application 1.x
CWE
CWE-776: The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability arises from processing USPTO patent XML files with an unsafe XML parser that does not protect against XML External Entity (XXE) attacks. Detection involves identifying whether your system parses USPTO patent XML files with a vulnerable version of Docling (2.13.0 up to, but not including, 2.74.0), i.e. a version in which xml.sax.parseString() is used without XXE protections.

To detect potential exploitation or presence of malicious XML files, you can monitor for XML files containing external entity references or suspicious DTDs that could trigger XXE or Billion Laughs attacks.

Suggested commands include searching for XML files with external entity declarations or entity expansions. For example, using grep to find ENTITY declarations in XML files:

  • grep -r '<!ENTITY' /path/to/xml/files

You can also monitor logs or network traffic for unusual outbound requests that could indicate SSRF attempts triggered by malicious XML parsing.

Additionally, checking the version of Docling installed can help determine if your system is vulnerable:

  • docling --version

If the version is 2.13.0 or later and earlier than 2.74.0, the system is vulnerable unless patched or mitigated.
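The checks above (grep for ENTITY declarations, version check) can be complemented with a guard in the code that does the parsing. The following is an added example, not Docling's parser or the upstream fix: it rejects any document that declares a DTD or entity before parsing, and configures xml.sax so that external general and parameter entities are never resolved. The sample documents, the element name invention-title, and the function names has_dtd, safe_parse, parse_title and is_rejected are all constructed for this example.

```python
import io
import re
import xml.sax
from xml.sax import handler

# Any DOCTYPE or ENTITY declaration is the precondition for the XXE and
# entity-expansion patterns this CVE describes. This example assumes the
# USPTO XML it accepts never needs an inline DTD (an assumption of the example,
# not a statement about Docling or the fix).
_DTD_MARKER = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


def has_dtd(xml_bytes: bytes) -> bool:
    """Cheap pre-parse check: does the document declare a DTD or any entity?"""
    return _DTD_MARKER.search(xml_bytes) is not None


class _RefuseExternalEntities(handler.EntityResolver):
    """Entity resolver that refuses to fetch anything, whatever the URI scheme."""

    def resolveEntity(self, publicId, systemId):
        raise xml.sax.SAXException(f"external entity refused: {systemId!r}")


class _TitleHandler(handler.ContentHandler):
    """Minimal content handler: collect the text inside <invention-title>."""

    def __init__(self):
        super().__init__()
        self._in_title = False
        self.title = ""

    def startElement(self, name, attrs):
        if name == "invention-title":
            self._in_title = True

    def endElement(self, name):
        if name == "invention-title":
            self._in_title = False

    def characters(self, content):
        if self._in_title:
            self.title += content


def safe_parse(xml_bytes: bytes, content_handler: handler.ContentHandler) -> None:
    """Parse with SAX, but (1) reject DTDs up front and (2) disable external entities.

    Step 1 is what blocks entity-expansion DoS ("Billion Laughs"): expat expands
    internal entities regardless of the external-entity features, so documents
    that declare entities at all are refused before the parser sees them.
    """
    if has_dtd(xml_bytes):
        raise ValueError("refusing XML that declares a DTD or entities")
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, False)  # no external general entities
    parser.setFeature(handler.feature_external_pes, False)  # no external parameter entities
    parser.setEntityResolver(_RefuseExternalEntities())    # belt and braces
    parser.setContentHandler(content_handler)
    parser.parse(io.BytesIO(xml_bytes))


def parse_title(xml_bytes: bytes) -> str:
    """Return the invention title of a document parsed through safe_parse()."""
    h = _TitleHandler()
    safe_parse(xml_bytes, h)
    return h.title


def is_rejected(xml_bytes: bytes) -> bool:
    """True if the guard refuses the document, False if it parses cleanly."""
    try:
        parse_title(xml_bytes)
    except ValueError:
        return True
    return False


# Constructed samples, not real USPTO files.
BENIGN_XML = (b'<?xml version="1.0"?><us-patent-grant>'
              b'<invention-title>Widget</invention-title></us-patent-grant>')
DTD_XML = (b'<?xml version="1.0"?><!DOCTYPE us-patent-grant [<!ENTITY a "x">]>'
           b'<us-patent-grant><invention-title>&a;</invention-title></us-patent-grant>')

if __name__ == "__main__":
    print(parse_title(BENIGN_XML))   # Widget
    print(is_rejected(DTD_XML))      # True
```

The pre-parse rejection is deliberately blunt: the SAX features only control external entities, so a document that merely declares internal entities would still be expanded by expat, and refusing the DOCTYPE altogether is the simplest way to close the entity-expansion path as well as the file-read and SSRF ones.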

Executive Summary

This vulnerability exists in Docling's USPTO patent XML parser versions from 2.13.0 until 2.74.0. The parser used the standard xml.sax.parseString() method without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files containing external entity references that exploit this lack of protection.

By exploiting this vulnerability, an attacker could read arbitrary files from the server's filesystem, perform Server-Side Request Forgery (SSRF) attacks, or cause denial of service through entity expansion attacks such as the Billion Laughs attack.

The vulnerability affects three USPTO patent format parsers: ICE (v4.x), Grant v2.5, and Application v1.x, and was fixed in version 2.74.0.

Impact Analysis

This vulnerability can impact you by allowing an attacker to read sensitive files on the server where the Docling USPTO patent XML parser is running. This could lead to unauthorized disclosure of confidential information.

Additionally, the attacker could perform Server-Side Request Forgery (SSRF) attacks, potentially accessing internal systems or services that are not otherwise exposed.

Finally, the vulnerability could be exploited to cause denial of service by triggering entity expansion attacks, which can exhaust system resources and disrupt service availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade Docling to version 2.74.0 or later, where the USPTO patent XML parser has been fixed to prevent XML External Entity (XXE) attacks.

Until the upgrade is in place, avoid processing USPTO patent XML files with the affected versions of Docling (2.13.0 up to, but not including, 2.74.0), which are exposed to XXE, SSRF and denial-of-service attacks.
