Lucene search
RootSSV:4076HistorySep 22, 2008 - 12:00 a.m.
libxml XML实体名堆溢出漏洞
2008-09-2200:00:00
Root
www.seebug.org
14
0.944 High
EPSS
Percentile
99.2%
BUGTRAQ ID: 31126
CVE(CAN) ID: CVE-2008-3529
libxml软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。
libxml2库的parser.c文件中的xmlParseAttValueComplex函数中存在堆溢出漏洞,如果用户受骗打开的XML文件中包含有超长的实体名称的话,就可以触发这个溢出,导致拒绝服务或执行任意指令。
XMLSoft Libxml2 < 2.7.0
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2008:0886-01)以及相应补丁:
RHSA-2008:0886-01:Important: libxml2 security update
链接:<a href=“https://www.redhat.com/support/errata/RHSA-2008-0886.html” target=“_blank”>https://www.redhat.com/support/errata/RHSA-2008-0886.html</a>
Related
nessus
nessus
Debian DSA-1654-1 : libxml2 - buffer overflow
2008-10-15 00:00:00
Solaris 9 (x86) : 114015-28
2004-07-12 00:00:00
openvas
openvas
CentOS Update for libxml2 CESA-2008:0884 centos3 x86_64
2009-02-27 00:00:00
CentOS Update for libxml2 CESA-2008:0884 centos3 x86_64
2009-02-27 00:00:00
Debian: Security Advisory (DSA-1654-1)
2008-11-01 00:00:00
debian
debian
[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code
2008-10-14 18:04:50
veracode
veracode
Denial Of Service (DoS)
2021-11-09 03:48:07
securityvulns
securityvulns
nvd
nvd
CVE-2008-3529
2008-09-12 16:56:20
exploitpack
exploitpack
Apple Safari - RSS feed: Buffer Overflow via libxml2 (PoC)
2009-05-26 00:00:00
checkpoint_advisories
checkpoint_advisories
oraclelinux
oraclelinux
libxml2 security update
2008-09-11 00:00:00
packetstorm
packetstorm
Safari RSS feed:// Buffer Overflow
2009-05-27 00:00:00
Netragard Security Advisory 2009-06-22
2009-06-23 00:00:00
seebug
seebug
Safari RSS feed:// Buffer Overflow via libxml2 Exploit PoC
2009-05-27 00:00:00
libxml XML实体名堆缓冲区溢出漏洞
2008-09-14 00:00:00
ubuntucve
ubuntucve
CVE-2008-3529
2008-09-12 00:00:00
redhat
redhat
(RHSA-2008:0884) Important: libxml2 security update
2008-09-11 00:00:00
(RHSA-2008:0886) Important: libxml2 security update
2008-09-11 00:00:00
cvelist
cvelist
CVE-2008-3529
2008-09-12 16:00:00
cve
cve
CVE-2008-3529
2008-09-12 16:56:20
centos
centos
libxml2 security update
2008-09-11 20:48:40
libxml2 security update
2008-09-12 01:23:56
osv
osv
libxml2 - execution of arbitrary code
2008-10-14 00:00:00
prion
prion
Heap overflow
2008-09-12 16:56:00
debiancve
debiancve
CVE-2008-3529
2008-09-12 16:56:20
ubuntu
ubuntu
libxml2 vulnerabilities
2008-09-11 00:00:00
libxml2 vulnerabilities
2009-08-11 00:00:00
exploitdb
exploitdb
Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)
2009-05-26 00:00:00
freebsd
freebsd
libxml2 -- two vulnerabilities
2008-08-22 00:00:00
vmware
vmware
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
Updated ESX packages for libxml2, ucd-snmp, libtiff
2008-10-31 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2008-12-02 00:00:00