Lucene search

[email protected]CVE-2008-3529

HistorySep 12, 2008 - 4:56 p.m.

CVE-2008-3529

2008-09-1216:56:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-3529

nvd

buffer overflow

libxml2

parser.c

denial of service

xml entity name

security vulnerability

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

CPENameOperatorVersion
xmlsoft:libxml2xmlsoft libxml2lt2.7.0
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
apple:mac_os_xapple mac os xeq10.5.7
apple:safariapple safarilt3.2.3

CPE	Name	Operator	Version
xmlsoft:libxml2	xmlsoft libxml2	lt	2.7.0
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
apple:mac_os_x	apple mac os x	eq	10.5.7
apple:safari	apple safari	lt	3.2.3

Rows per page:

1-10 of 121

References

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.apple.com/archives/security-announce/2009/May/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

secunia.com/advisories/31558

secunia.com/advisories/31855

secunia.com/advisories/31860

secunia.com/advisories/31868

secunia.com/advisories/31982

secunia.com/advisories/32265

secunia.com/advisories/32280

secunia.com/advisories/32807

secunia.com/advisories/32974

secunia.com/advisories/33715

secunia.com/advisories/33722

secunia.com/advisories/35056

secunia.com/advisories/35074

secunia.com/advisories/35379

secunia.com/advisories/36173

secunia.com/advisories/36235

security.gentoo.org/glsa/glsa-200812-06.xml

securitytracker.com/id?1020855

sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1

sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1

sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1

sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1

support.apple.com/kb/HT3549

support.apple.com/kb/HT3550

support.apple.com/kb/HT3613

support.apple.com/kb/HT3639

support.avaya.com/elmodocs2/security/ASA-2008-400.htm

support.avaya.com/elmodocs2/security/ASA-2009-025.htm

wiki.rpath.com/Advisories:rPSA-2008-0325

www.debian.org/security/2008/dsa-1654

www.mandriva.com/security/advisories?name=MDVSA-2008:192

www.redhat.com/support/errata/RHSA-2008-0884.html

www.redhat.com/support/errata/RHSA-2008-0886.html

www.securityfocus.com/bid/31126

www.ubuntu.com/usn/USN-815-1

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2008/2822

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1298

www.vupen.com/english/advisories/2009/1522

www.vupen.com/english/advisories/2009/1621

xmlsoft.org/news.html

bugzilla.redhat.com/show_bug.cgi?id=461015

exchange.xforce.ibmcloud.com/vulnerabilities/45085

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103

usn.ubuntu.com/644-1/

www.exploit-db.com/exploits/8798

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

CVE-2008-3529

References

Related