{"result": {"cve": [{"id": "CVE-2007-6284", "type": "cve", "title": "CVE-2007-6284", "description": "The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.", "published": "2008-01-11T21:46:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6284", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-03T09:50:11"}], "centos": [{"id": "CESA-2008:0032-03", "type": "centos", "title": "libxml2 security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0032-03\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014584.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2008-01-13T02:24:38", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014584.html", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-12-05T20:41:35"}, {"id": "CESA-2008:0032", "type": "centos", "title": "libxml2 security update", "description": "**CentOS Errata and Security Advisory** CESA-2008:0032\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014569.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014570.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014573.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014575.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014577.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014578.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014589.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014590.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014601.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-January/014602.html\n\n**Affected packages:**\nlibxml2\nlibxml2-devel\nlibxml2-python\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0032.html", "published": "2008-01-11T14:30:01", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2008-January/014569.html", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-12-05T20:01:18"}], "osvdb": [{"id": "OSVDB:40194", "type": "osvdb", "title": "Libxml2 xmlCurrentChar Function UTF-8 Parsing DoS", "description": "## Solution Description\nUpgrade to version 2.6.31 or higher, as it has been reported to fix this vulnerability. In addition, Daniel Veillard has released a patch for some older versions.\n## Short Description\nLibxml2 xmlCurrentChar Function UTF-8 Parsing DoS\n## References:\n[Secunia Advisory ID:28444](https://secuniaresearch.flexerasoftware.com/advisories/28444/)\n[Secunia Advisory ID:28439](https://secuniaresearch.flexerasoftware.com/advisories/28439/)\n[Secunia Advisory ID:28470](https://secuniaresearch.flexerasoftware.com/advisories/28470/)\n[Secunia Advisory ID:28475](https://secuniaresearch.flexerasoftware.com/advisories/28475/)\n[Secunia Advisory ID:28458](https://secuniaresearch.flexerasoftware.com/advisories/28458/)\n[Secunia Advisory ID:28450](https://secuniaresearch.flexerasoftware.com/advisories/28450/)\nOther Solution URL: http://veillard.com/libxml2.patch\nOther Advisory URL: https://rhn.redhat.com/errata/RHSA-2008-0032.html\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html\nOther Advisory URL: https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-January/000655.html\nOther Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:010\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2008-January/000302.html\nMail List Post: http://mail.gnome.org/archives/xml/2008-January/msg00036.html\n[CVE-2007-6284](https://vulners.com/cve/CVE-2007-6284)\n", "published": "2008-01-11T13:22:03", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:40194", "cvelist": ["CVE-2007-6284"], "lastseen": "2017-04-28T13:20:36"}], "nessus": [{"id": "VMWARE_VMSA-2008-0006.NASL", "type": "nessus", "title": "VMSA-2008-0006 : Updated libxml2 service console package", "description": "Updated libxml2 package to address a denial of service flaw.\n\nThanks to the Google security team for identifying and reporting this issue.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6284 to this issue.", "published": "2009-07-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=40376", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:23:58"}, {"id": "REDHAT-RHSA-2008-0032.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0032)", "description": "Updated libxml2 packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files.\n\nA denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding. (CVE-2007-6284)\n\nRed Hat would like to thank the Google Security Team for responsibly disclosing this issue.\n\nAll users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2008-01-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29954", "cvelist": ["CVE-2007-6284"], "lastseen": "2017-01-04T06:12:39"}, {"id": "SL_20080111_LIBXML2_ON_SL3_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64", "description": "A denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding. (CVE-2007-6284)", "published": "2012-08-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60342", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:25:41"}, {"id": "MANDRIVA_MDVSA-2008-010.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:010)", "description": "A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding.\n\nThe updated packages have been patched to correct this issue.", "published": "2009-04-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36842", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:26:16"}, {"id": "ORACLELINUX_ELSA-2008-0032.NASL", "type": "nessus", "title": "Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0032)", "description": "From Red Hat Security Advisory 2008:0032 :\n\nUpdated libxml2 packages that fix a security issue are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files.\n\nA denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding. (CVE-2007-6284)\n\nRed Hat would like to thank the Google Security Team for responsibly disclosing this issue.\n\nAll users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.", "published": "2013-07-12T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67637", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:23:35"}, {"id": "SUSE_LIBXML2-4840.NASL", "type": "nessus", "title": "SuSE 10 Security Update : libxml2 (ZYPP Patch Number 4840)", "description": "libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8 processing. CVE-2007-6284 has been assigned to this problem.", "published": "2008-01-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=30094", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:23:41"}, {"id": "GENTOO_GLSA-200801-20.NASL", "type": "nessus", "title": "GLSA-200801-20 : libxml2: Denial of Service", "description": "The remote host is affected by the vulnerability described in GLSA-200801-20 (libxml2: Denial of Service)\n\n Brad Fitzpatrick reported that the xmlCurrentChar() function does not properly handle some UTF-8 multibyte encodings.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted XML document with an application using libxml2, possibly resulting in a high CPU consumption. Note that this vulnerability could also be triggered without user interaction by an automated system processing XML content.\n Workaround :\n\n There is no known workaround at this time.", "published": "2008-02-01T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=30137", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:24:14"}, {"id": "UBUNTU_USN-569-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxml2 vulnerability (USN-569-1)", "description": "Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences. If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-01-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29979", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:23:47"}, {"id": "SUSE9_12032.NASL", "type": "nessus", "title": "SuSE9 Security Update : libxml2 (YOU Patch Number 12032)", "description": "libxml2 contained a DoS condition in xmlCurrentChar()'s UTF-8 processing. CVE-2007-6284 has been assigned to this problem.", "published": "2009-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41179", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:25:25"}, {"id": "FEDORA_2008-0462.NASL", "type": "nessus", "title": "Fedora 8 : libxml2-2.6.31-1.fc8 (2008-0462)", "description": "This release fixes a potential Denial of Service attack on services using libxml2 to parse user provided XML. All users are invited to upgrade. Fixes CVE-2007-6284\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-01-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29940", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T17:25:44"}], "ubuntu": [{"id": "USN-569-1", "type": "ubuntu", "title": "libxml2 vulnerability", "description": "Brad Fitzpatrick discovered that libxml2 did not correctly handle certain \nUTF-8 sequences. If a remote attacker were able to trick a user or \nautomated system into processing a specially crafted XML document, the \napplication linked against libxml2 could enter an infinite loop, leading \nto a denial of service via CPU resource consumption.", "published": "2008-01-14T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.ubuntu.com/usn/usn-569-1", "cvelist": ["CVE-2007-6284"], "lastseen": "2017-05-01T08:29:18"}], "openvas": [{"id": "OPENVAS:870066", "type": "openvas", "title": "RedHat Update for libxml2 RHSA-2008:0032-01", "description": "Check for the Version of libxml2", "published": "2009-03-06T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870066", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:16"}, {"id": "OPENVAS:60181", "type": "openvas", "title": "Debian Security Advisory DSA 1461-1 (libxml2)", "description": "The remote host is missing an update to libxml2\nannounced via advisory DSA 1461-1.", "published": "2008-01-31T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60181", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:41"}, {"id": "OPENVAS:880266", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032 centos4 i386", "description": "Check for the Version of libxml2", "published": "2009-02-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880266", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:23"}, {"id": "OPENVAS:880162", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032-03 centos2 i386", "description": "Check for the Version of libxml2", "published": "2009-02-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880162", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:09"}, {"id": "OPENVAS:880226", "type": "openvas", "title": "CentOS Update for libxml2 CESA-2008:0032 centos3 x86_64", "description": "Check for the Version of libxml2", "published": "2009-02-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=880226", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:25"}, {"id": "OPENVAS:830390", "type": "openvas", "title": "Mandriva Update for libxml2 MDVSA-2008:010 (libxml2)", "description": "Check for the Version of libxml2", "published": "2009-04-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=830390", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:21"}, {"id": "OPENVAS:65503", "type": "openvas", "title": "SLES9: Security update for libxml2", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libxml2\n libxml2-devel\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5020669 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65503", "cvelist": ["CVE-2007-6284"], "lastseen": "2017-02-10T09:02:49"}, {"id": "OPENVAS:860379", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2008-0477", "description": "Check for the Version of libxml2", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860379", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:26"}, {"id": "OPENVAS:860226", "type": "openvas", "title": "Fedora Update for libxml2 FEDORA-2008-0462", "description": "Check for the Version of libxml2", "published": "2009-02-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=860226", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-26T20:41:18"}, {"id": "OPENVAS:60282", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200801-20 (libxml2)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200801-20.", "published": "2008-09-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=60282", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-11-11T16:45:47"}], "debian": [{"id": "DSA-1461", "type": "debian", "title": "libxml2 -- missing input validation", "description": "Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. \n\nFor the old stable distribution (sarge), this problem has been fixed in version 2.6.16-7sarge1. \n\nFor the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-2. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your libxml2 packages.", "published": "2008-01-13T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-1461", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-02T18:23:24"}], "gentoo": [{"id": "GLSA-200801-20", "type": "gentoo", "title": "libxml2: Denial of Service", "description": "### Background\n\nlibxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. \n\n### Description\n\nBrad Fitzpatrick reported that the xmlCurrentChar() function does not properly handle some UTF-8 multibyte encodings. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted XML document with an application using libxml2, possibly resulting in a high CPU consumption. Note that this vulnerability could also be triggered without user interaction by an automated system processing XML content. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll libxml2 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/libxml2-2.6.30-r1\"", "published": "2008-01-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200801-20", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-06T19:46:11"}], "oraclelinux": [{"id": "ELSA-2008-0032", "type": "oraclelinux", "title": "Important: libxml2 security update ", "description": " [2.5.10-8.0.1]\n - Add patch libxml2-enterprise.patch, and other logo changes in tarball\n \n [2.5.10-8]\n - Patch to fix UTF-8 decoding problem CVE-2007-6284\n - Resolves: rhbz#425930 ", "published": "2008-01-11T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2008-0032.html", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-09-04T11:16:45"}], "vmware": [{"id": "VMSA-2008-0006", "type": "vmware", "title": "Updated libxml2 service console package", "description": "Updated libxml2 package to address a denial of service flaw. \n \nThanks to the Google security team for identifying and reporting this issue. \n \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6284 to this issue.\n", "published": "2008-03-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2008-0006.html", "cvelist": ["CVE-2007-6284"], "lastseen": "2016-02-24T20:42:47"}]}}