Lucene search

[email protected]CVE-2007-6284

HistoryJan 12, 2008 - 2:46 a.m.

CVE-2007-6284

2008-01-1202:46:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2007-6284

xmlcurrentchar

libxml2

denial of service

security

vulnerability

nvd

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

CPENameOperatorVersion
mandrakesoft:mandrake_linux_corporate_servermandrakesoft mandrake linux corporate servereq4.0
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq4.0
redhat:fedoraredhat fedoraeq7
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq2007
redhat:fedoraredhat fedoraeq8
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq2007.1
mandrakesoft:mandrake_linux_corporate_servermandrakesoft mandrake linux corporate servereq3.0
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq2008.0

CPE	Name	Operator	Version
mandrakesoft:mandrake_linux_corporate_server	mandrakesoft mandrake linux corporate server	eq	4.0
debian:debian_linux	debian debian linux	eq	3.1
debian:debian_linux	debian debian linux	eq	4.0
redhat:fedora	redhat fedora	eq	7
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	2007
redhat:fedora	redhat fedora	eq	8
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	2007.1
mandrakesoft:mandrake_linux_corporate_server	mandrakesoft mandrake linux corporate server	eq	3.0
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	2008.0

References

bugs.gentoo.org/show_bug.cgi?id=202628

lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

lists.vmware.com/pipermail/security-announce/2008/000009.html

mail.gnome.org/archives/xml/2008-January/msg00036.html

secunia.com/advisories/28439

secunia.com/advisories/28444

secunia.com/advisories/28450

secunia.com/advisories/28452

secunia.com/advisories/28458

secunia.com/advisories/28466

secunia.com/advisories/28470

secunia.com/advisories/28475

secunia.com/advisories/28636

secunia.com/advisories/28716

secunia.com/advisories/28740

secunia.com/advisories/29591

secunia.com/advisories/31074

security.gentoo.org/glsa/glsa-200801-20.xml

securitytracker.com/id?1019181

sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1

sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1

support.avaya.com/elmodocs2/security/ASA-2008-047.htm

support.avaya.com/elmodocs2/security/ASA-2008-050.htm

www.debian.org/security/2008/dsa-1461

www.mandriva.com/security/advisories?name=MDVSA-2008:010

www.novell.com/linux/security/advisories/suse_security_summary_report.html

www.redhat.com/support/errata/RHSA-2008-0032.html

www.securityfocus.com/archive/1/486410/100/0/threaded

www.securityfocus.com/archive/1/490306/100/0/threaded

www.securityfocus.com/bid/27248

www.vupen.com/english/advisories/2008/0117

www.vupen.com/english/advisories/2008/0144

www.vupen.com/english/advisories/2008/1033/references

www.vupen.com/english/advisories/2008/2094/references

www.xmlsoft.org/news.html

bugzilla.redhat.com/show_bug.cgi?id=425927

issues.rpath.com/browse/RPL-2121

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216

usn.ubuntu.com/569-1/

www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html

www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for CVE-2007-6284

openvas26 prion1 nessus16 fedora2 redhat1 gentoo1 oraclelinux1 ubuntucve1 osv1 ubuntu1 altlinux2 vmware2 centos2 seebug1 securityvulns1 debiancve1 debian1