CVE-2008-3281

Опубликовано: 27 авг. 2008

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Ссылки

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Mailing List
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
Mailing List
http://lists.vmware.com/pipermail/security-announce/2008/000039.html
Broken Link
http://mail.gnome.org/archives/xml/2008-August/msg00034.html
Mailing List
Patch
http://secunia.com/advisories/31558
Broken Link
http://secunia.com/advisories/31566
Broken Link
http://secunia.com/advisories/31590
Broken Link
http://secunia.com/advisories/31728
Broken Link
http://secunia.com/advisories/31748
Broken Link
http://secunia.com/advisories/31855
Broken Link
http://secunia.com/advisories/31982
Broken Link
http://secunia.com/advisories/32488
Broken Link
http://secunia.com/advisories/32807
Broken Link
http://secunia.com/advisories/32974
Broken Link
http://secunia.com/advisories/35379
Broken Link
http://security.gentoo.org/glsa/glsa-200812-06.xml
Third Party Advisory
http://support.apple.com/kb/HT3613
Third Party Advisory
http://support.apple.com/kb/HT3639
Third Party Advisory
http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Версия до 2.6.32 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Версия до 4.0 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия от 1.0.0 (включая) до 3.0 (исключая)

Конфигурация 3

cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Конфигурация 6

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*

Конфигурация 7

Одно из

cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00802

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-776

Связанные уязвимости

CVE-2008-3281

CVSS3: 6.5

ubuntu

почти 17 лет назад

CVE-2008-3281

redhat

почти 17 лет назад

CVE-2008-3281

CVSS3: 6.5

debian

почти 17 лет назад

libxml2 2.6.32 and earlier does not properly detect recursion during e ...

GHSA-x9c5-c5mj-wjjx

CVSS3: 6.5

github

около 3 лет назад

ELSA-2008-0836

oracle-oval

почти 17 лет назад

ELSA-2008-0836: libxml2 security update (MODERATE)

EPSS

Процентиль: 73%

0.00802

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-776