CVE-2008-3529

Опубликовано: 12 сент. 2008

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Ссылки

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Broken Link
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
Mailing List
Third Party Advisory
http://secunia.com/advisories/31558
Third Party Advisory
http://secunia.com/advisories/31855
Third Party Advisory
http://secunia.com/advisories/31860
Third Party Advisory
http://secunia.com/advisories/31868
Third Party Advisory
http://secunia.com/advisories/31982
Third Party Advisory
http://secunia.com/advisories/32265
Third Party Advisory
http://secunia.com/advisories/32280
Third Party Advisory
http://secunia.com/advisories/32807
Third Party Advisory
http://secunia.com/advisories/32974
Third Party Advisory
http://secunia.com/advisories/33715
Third Party Advisory
http://secunia.com/advisories/33722
Third Party Advisory
http://secunia.com/advisories/35056
Third Party Advisory
http://secunia.com/advisories/35074
Third Party Advisory
http://secunia.com/advisories/35379
Third Party Advisory
http://secunia.com/advisories/36173
Third Party Advisory
http://secunia.com/advisories/36235
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Версия до 2.7.0 (исключая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Версия до 4.0 (исключая)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Версия от 3.2.0 (включая) до 3.2.3 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 3.0 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.5.7 (исключая)

cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.58863

Средний

10 Critical

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2008-3529

ubuntu

почти 17 лет назад

CVE-2008-3529

redhat

почти 17 лет назад

CVE-2008-3529

debian

почти 17 лет назад

Heap-based buffer overflow in the xmlParseAttValueComplex function in ...

GHSA-vgv6-63x3-fm4w

github

около 3 лет назад

ELSA-2008-0884

oracle-oval

почти 17 лет назад

ELSA-2008-0884: libxml2 security update (IMPORTANT)

EPSS

Процентиль: 98%

0.58863

Средний

10 Critical

CVSS2

Дефекты

CWE-119