6.5

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version <= 2.6.32
AppleSafari Version < 4.0
AppleiPhone OS Version >= 1.0.0 < 3.0
FedoraprojectFedora Version9
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04
DebianDebian Linux Version4.0
RedhatEnterprise Linux Eus Version4.7
RedhatEnterprise Linux Eus Version5.2
VMwareEsx Version2.5.4
VMwareEsx Version2.5.5
VMwareEsx Version3.0.2
VMwareEsx Version3.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.51% 0.827
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

http://mail.gnome.org/archives/xml/2008-August/msg00034.html
Patch
Mailing List
http://xmlsoft.org/news.html
Release Notes
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Broken Link
Mailing List
http://secunia.com/advisories/35379
Broken Link
http://support.apple.com/kb/HT3613
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1522
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
Mailing List
http://secunia.com/advisories/31982
Broken Link
http://www.securityfocus.com/archive/1/497962/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2008-0017.html
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2971
Broken Link
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Mailing List
http://support.apple.com/kb/HT3639
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1621
Broken Link
http://lists.vmware.com/pipermail/security-announce/2008/000039.html
Broken Link
http://secunia.com/advisories/31558
Broken Link
http://secunia.com/advisories/31566
Broken Link
http://secunia.com/advisories/31590
Broken Link
http://secunia.com/advisories/31728
Broken Link
http://secunia.com/advisories/31748
Broken Link
http://secunia.com/advisories/31855
Broken Link
http://secunia.com/advisories/32488
Broken Link
http://secunia.com/advisories/32807
Broken Link
http://secunia.com/advisories/32974
Broken Link
http://security.gentoo.org/glsa/glsa-200812-06.xml
Third Party Advisory
http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2008-0325
Broken Link
http://www.debian.org/security/2008/dsa-1631
Third Party Advisory
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2008:180
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
Broken Link
http://www.securityfocus.com/bid/30783
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1020728
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/usn-640-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2419
Broken Link
http://www.vupen.com/english/advisories/2008/2843
Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=458086
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812
Broken Link
https://rhn.redhat.com/errata/RHSA-2008-0836.html
Third Party Advisory
https://usn.ubuntu.com/644-1/
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html
Mailing List