Lucene search

K
ubuntucveUbuntu.comUB:CVE-2008-3529
HistorySep 12, 2008 - 12:00 a.m.

CVE-2008-3529

2008-09-1200:00:00
ubuntu.com
ubuntu.com
18

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.881

Percentile

98.7%

Heap-based buffer overflow in the xmlParseAttValueComplex function in
parser.c in libxml2 before 2.7.0 allows context-dependent attackers to
cause a denial of service (crash) or execute arbitrary code via a long XML
entity name.

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchlibxml2< 2.6.24.dfsg-1ubuntu1.3UNKNOWN
ubuntu7.04noarchlibxml2< 2.6.27.dfsg-1ubuntu3.3UNKNOWN
ubuntu7.10noarchlibxml2< 2.6.30.dfsg-2ubuntu1.3UNKNOWN
ubuntu8.04noarchlibxml2< 2.6.31.dfsg-2ubuntu1.2UNKNOWN

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.881

Percentile

98.7%