5

CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version3.1
DebianDebian Linux Version3.1 Editionalpha
DebianDebian Linux Version3.1 Editionamd64
DebianDebian Linux Version3.1 Editionarm
DebianDebian Linux Version3.1 Editionhppa
DebianDebian Linux Version3.1 Editionia-32
DebianDebian Linux Version3.1 Editionia-64
DebianDebian Linux Version3.1 Editionm68k
DebianDebian Linux Version3.1 Editionmips
DebianDebian Linux Version3.1 Editionmipsel
DebianDebian Linux Version3.1 Editionppc
DebianDebian Linux Version3.1 Editions-390
DebianDebian Linux Version3.1 Editionsparc
DebianDebian Linux Version4.0
DebianDebian Linux Version4.0 Editionalpha
DebianDebian Linux Version4.0 Editionamd64
DebianDebian Linux Version4.0 Editionarm
DebianDebian Linux Version4.0 Editionhppa
DebianDebian Linux Version4.0 Editionia-32
DebianDebian Linux Version4.0 Editionia-64
DebianDebian Linux Version4.0 Editionm68k
DebianDebian Linux Version4.0 Editionmips
DebianDebian Linux Version4.0 Editionmipsel
DebianDebian Linux Version4.0 Editionpowerpc
DebianDebian Linux Version4.0 Editions-390
DebianDebian Linux Version4.0 Editionsparc
MandrakesoftMandrake Linux Version2007
MandrakesoftMandrake Linux Version2007 Editionx86_64
MandrakesoftMandrake Linux Version2007.1
MandrakesoftMandrake Linux Version2007.1 Editionx86_64
MandrakesoftMandrake Linux Version2008.0
MandrakesoftMandrake Linux Version2008.0 Editionx86_64
MandrakesoftMandrake Linux Corporate Server Version3.0 Editionx86_64
MandrakesoftMandrake Linux Corporate Server Version4.0 Editionx86_64
RedhatFedora Version7
RedhatFedora Version8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.57% 0.831
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.xmlsoft.org/news.html
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
http://secunia.com/advisories/31074
http://www.vupen.com/english/advisories/2008/2094/references
http://secunia.com/advisories/28636
Vendor Advisory
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://bugs.gentoo.org/show_bug.cgi?id=202628
http://lists.vmware.com/pipermail/security-announce/2008/000009.html
http://mail.gnome.org/archives/xml/2008-January/msg00036.html
http://secunia.com/advisories/28439
Vendor Advisory
http://secunia.com/advisories/28444
Vendor Advisory
http://secunia.com/advisories/28450
Vendor Advisory
http://secunia.com/advisories/28452
Vendor Advisory
http://secunia.com/advisories/28458
Vendor Advisory
http://secunia.com/advisories/28466
Vendor Advisory
http://secunia.com/advisories/28470
Vendor Advisory
http://secunia.com/advisories/28475
Vendor Advisory
http://secunia.com/advisories/28716
Vendor Advisory
http://secunia.com/advisories/28740
http://secunia.com/advisories/29591
http://security.gentoo.org/glsa/glsa-200801-20.xml
http://securitytracker.com/id?1019181
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1
http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm
http://www.debian.org/security/2008/dsa-1461
http://www.mandriva.com/security/advisories?name=MDVSA-2008:010
http://www.redhat.com/support/errata/RHSA-2008-0032.html
Patch
http://www.securityfocus.com/archive/1/486410/100/0/threaded
http://www.securityfocus.com/archive/1/490306/100/0/threaded
http://www.securityfocus.com/bid/27248
http://www.vupen.com/english/advisories/2008/0117
http://www.vupen.com/english/advisories/2008/0144
http://www.vupen.com/english/advisories/2008/1033/references
https://bugzilla.redhat.com/show_bug.cgi?id=425927
https://issues.rpath.com/browse/RPL-2121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216
https://usn.ubuntu.com/569-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html