Lucene search

Veracode Vulnerability DatabaseVERACODE:32848

HistoryNov 09, 2021 - 3:48 a.m.

Denial Of Service (DoS)

2021-11-0903:48:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

libxml2.so is vulnerable to denial of service. An attacker can crash the application or execute arbitrary code through the xmlParseAttValueComplex function in parser.c by providing long XML entity name.

CPENameOperatorVersion
libxml2.sole2.6.32
libxml2.sole2.6.32

CPE	Name	Operator	Version
	libxml2.so	le	2.6.32
	libxml2.so	le	2.6.32

References

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.apple.com/archives/security-announce/2009/May/msg00000.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

secunia.com/advisories/31558

secunia.com/advisories/31855

secunia.com/advisories/31860

secunia.com/advisories/31868

secunia.com/advisories/31982

secunia.com/advisories/32265

secunia.com/advisories/32280

secunia.com/advisories/32807

secunia.com/advisories/32974

secunia.com/advisories/33715

secunia.com/advisories/33722

secunia.com/advisories/35056

secunia.com/advisories/35074

secunia.com/advisories/35379

secunia.com/advisories/36173

secunia.com/advisories/36235

security.gentoo.org/glsa/glsa-200812-06.xml

securitytracker.com/id?1020855

sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1

sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1

sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1

sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1

support.apple.com/kb/HT3549

support.apple.com/kb/HT3550

support.apple.com/kb/HT3613

support.apple.com/kb/HT3639

support.avaya.com/elmodocs2/security/ASA-2008-400.htm

support.avaya.com/elmodocs2/security/ASA-2009-025.htm

wiki.rpath.com/Advisories:rPSA-2008-0325

www.debian.org/security/2008/dsa-1654

www.mandriva.com/security/advisories?name=MDVSA-2008:192

www.redhat.com/support/errata/RHSA-2008-0884.html

www.redhat.com/support/errata/RHSA-2008-0886.html

www.securityfocus.com/bid/31126

www.ubuntu.com/usn/USN-815-1

www.us-cert.gov/cas/techalerts/TA09-133A.html

www.vupen.com/english/advisories/2008/2822

www.vupen.com/english/advisories/2009/1297

www.vupen.com/english/advisories/2009/1298

www.vupen.com/english/advisories/2009/1522

www.vupen.com/english/advisories/2009/1621

xmlsoft.org/news.html

access.redhat.com/errata/RHSA-2008:0884

access.redhat.com/errata/RHSA-2008:0886

access.redhat.com/security/cve/CVE-2008-3529

bugzilla.redhat.com/show_bug.cgi?id=461015

exchange.xforce.ibmcloud.com/vulnerabilities/45085

gitlab.gnome.org/GNOME/libxml2/-/commit/1572425c2774b3fef6af062b87351a0e42c3e172

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103

usn.ubuntu.com/644-1/

www.exploit-db.com/exploits/8798

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Denial Of Service (DoS)

References

Related