Ubuntu.comUB:CVE-2008-2935CVE-2008-2935
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.18 Low
EPSS
Percentile
96.1%
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka
exsltCryptoRc4EncryptFunction) and (2) decryption (aka
exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt
1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary
code via an XML file containing a long string as βan argument in the XSL
input.β
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.18 Low
EPSS
Percentile
96.1%