Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4049
HistorySep 14, 2008 - 12:00 a.m.

libxml XML实体名堆缓冲区溢出漏洞

2008-09-1400:00:00
Root
www.seebug.org
33

0.943 High

EPSS

Percentile

99.0%

JSON

BUGTRAQ ID: 31126
CVE ID:CVE-2008-3529
CNCVE ID:CNCVE-20083529

libxml软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。
libxml处理畸形XML内容时存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。
当libxml2处理超长XML实体名时存在基于堆的缓冲区溢出,如果应用程序链接libxml2处理不可信的畸形XML内容,可导致应用程序崩溃或任意代码执行。

XMLSoft Libxml2 2.6.31
XMLSoft Libxml2 2.6.30
XMLSoft Libxml2 2.6.26
XMLSoft Libxml2 2.6.16
XMLSoft Libxml2 2.6.15
XMLSoft Libxml2 2.6.14

  • OpenPKG OpenPKG Current
    XMLSoft Libxml2 2.6.13
    XMLSoft Libxml2 2.6.12
    XMLSoft Libxml2 2.6.11
  • Ubuntu Ubuntu Linux 4.1 ppc
  • Ubuntu Ubuntu Linux 4.1 ia64
  • Ubuntu Ubuntu Linux 4.1 ia32
    XMLSoft Libxml2 2.6.9
  • Conectiva Linux 10.0
  • Conectiva Linux 9.0
    XMLSoft Libxml2 2.6.8
  • RedHat Fedora Core2
    XMLSoft Libxml2 2.6.7
    XMLSoft Libxml2 2.6.6
    XMLSoft Libxml2 2.6.5
    XMLSoft Libxml2 2.6.4
    XMLSoft Libxml2 2.6.3
    XMLSoft Libxml2 2.6.2
    XMLSoft Libxml2 2.6.1
    XMLSoft Libxml2 2.6 .0
    XMLSoft Libxml2 2.5.11
  • MandrakeSoft Linux Mandrake 9.2 amd64
  • MandrakeSoft Linux Mandrake 9.2
    XMLSoft Libxml2 2.5.10
  • Trustix Secure Linux 2.0
    XMLSoft Libxml2 2.5.8
    XMLSoft Libxml2 2.5.4
  • MandrakeSoft Linux Mandrake 9.1 ppc
  • MandrakeSoft Linux Mandrake 9.1
    XMLSoft Libxml2 2.5.1
  • Conectiva Linux 9.0
    RedHat Enterprise Linux WS 4
    RedHat Enterprise Linux WS 3
    RedHat Enterprise Linux ES 4
    RedHat Enterprise Linux ES 3
    RedHat Enterprise Linux Desktop Workstation 5 client
    RedHat Enterprise Linux Desktop 5 client
    RedHat Enterprise Linux AS 4
    RedHat Enterprise Linux AS 3
    RedHat Enterprise Linux 5 server
    RedHat Desktop 4.0
    RedHat Desktop 3.0

可参考如下补丁:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :
Source:
<a href=“ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm” target=“_blank”>ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm</a>
i386:
libxml2-2.4.19-11.ent.i386.rpm
libxml2-devel-2.4.19-11.ent.i386.rpm
libxml2-python-2.4.19-11.ent.i386.rpm
ia64:
libxml2-2.4.19-11.ent.ia64.rpm
libxml2-devel-2.4.19-11.ent.ia64.rpm
libxml2-python-2.4.19-11.ent.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:
Source:
<a href=“ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm” target=“_blank”>ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm</a>
ia64:
libxml2-2.4.19-11.ent.ia64.rpm
libxml2-devel-2.4.19-11.ent.ia64.rpm
libxml2-python-2.4.19-11.ent.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:
Source:
<a href=“ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm” target=“_blank”>ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm</a>
i386:
libxml2-2.4.19-11.ent.i386.rpm
libxml2-devel-2.4.19-11.ent.i386.rpm
libxml2-python-2.4.19-11.ent.i386.rpm

Red Hat Enterprise Linux WS version 2.1:
Source:
<a href=“ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm” target=“_blank”>ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/libxml2-2.4.19-11.ent.src.rpm</a>
i386:
libxml2-2.4.19-11.ent.i386.rpm
libxml2-devel-2.4.19-11.ent.i386.rpm
libxml2-python-2.4.19-11.ent.i386.rpm

Related

oraclelinux 1
openvas 44
nessus 64
packetstorm 2
redhat 2
seebug 2
ubuntucve 1
exploitpack 1
checkpoint_advisories 1
veracode 1
debian 1
securityvulns 5
prion 1
osv 1
cve 1
centos 2
debiancve 1
exploitdb 1
ubuntu 2
freebsd 1
vmware 2
gentoo 1
oraclelinux
oraclelinux
libxml2 security update
2008-09-11 00:00:00
openvas
openvas
CentOS Update for libxml2 CESA-2008:0884 centos3 i386
2009-02-27 00:00:00
RedHat Update for libxml2 RHSA-2008:0884-01
2009-03-06 00:00:00
CentOS Update for libxml2 CESA-2008:0884 centos3 i386
2009-02-27 00:00:00
nessus
nessus
Solaris 10 (x86) : 125732-13 (deprecated)
2008-02-05 00:00:00
Solaris 10 (x86) : 125732-13
2018-03-12 00:00:00
Solaris 10 (sparc) : 125731-13
2018-03-12 00:00:00
packetstorm
packetstorm
Safari RSS feed:// Buffer Overflow
2009-05-27 00:00:00
Netragard Security Advisory 2009-06-22
2009-06-23 00:00:00
redhat
redhat
(RHSA-2008:0884) Important: libxml2 security update
2008-09-11 00:00:00
(RHSA-2008:0886) Important: libxml2 security update
2008-09-11 00:00:00
seebug
seebug
Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC
2009-05-27 00:00:00
libxml XML实体名堆溢出漏洞
2008-09-22 00:00:00
ubuntucve
ubuntucve
CVE-2008-3529
2008-09-12 00:00:00
exploitpack
exploitpack
Apple Safari - RSS feed: Buffer Overflow via libxml2 (PoC)
2009-05-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Multiple Products libxml2 XML File Processing Entity Name Buffer Overflow (CVE-2008-3529)
2010-02-01 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-11-09 03:48:07
debian
debian
[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code
2008-10-14 18:04:50
securityvulns
securityvulns
[Full-disclosure] [NETRAGARD SECURITY ADVISORY] [&lt; Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622]
2009-06-22 00:00:00
[Full-disclosure] [NETRAGARD SECURITY ADVISORY] [&lt; Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622]
2009-06-22 00:00:00
Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2009-06-21 00:00:00
prion
prion
Heap overflow
2008-09-12 16:56:00
osv
osv
libxml2 - execution of arbitrary code
2008-10-14 00:00:00
cve
cve
CVE-2008-3529
2008-09-12 16:56:00
centos
centos
libxml2 security update
2008-09-11 20:48:40
libxml2 security update
2008-09-12 01:23:56
debiancve
debiancve
CVE-2008-3529
2008-09-12 16:56:00
exploitdb
exploitdb
Apple Safari - RSS &#039;feed://&#039; Buffer Overflow via libxml2 (PoC)
2009-05-26 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2008-09-11 00:00:00
libxml2 vulnerabilities
2009-08-11 00:00:00
freebsd
freebsd
libxml2 -- two vulnerabilities
2008-08-22 00:00:00
vmware
vmware
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2008-12-02 00:00:00

0.943 High

EPSS

Percentile

99.0%

JSON
Related for SSV:4049
oraclelinux1openvas44nessus64packetstorm2redhat2seebug2ubuntucve1exploitpack1checkpoint_advisories1veracode1debian1securityvulns5prion1osv1cve1centos2debiancve1exploitdb1ubuntu2freebsd1vmware2gentoo1