10

CVE-2008-3529

Exploit

EPSS 58.86%
Veröffentlicht 12.09.2008 16:56:20
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 56

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version < 2.7.0

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

Apple ≫ Safari Version < 4.0

Apple ≫ Safari Version >= 3.2.0 < 3.2.3

Apple ≫ iPhone OS Version < 3.0

Apple ≫ macOS X Version < 10.5.7

Apple ≫ macOS X Version10.5.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	58.86%	0.981

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/31868

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0886.html

Third Party Advisory

http://xmlsoft.org/news.html

Vendor Advisory

Release Notes

http://secunia.com/advisories/35074

Third Party Advisory

http://support.apple.com/kb/HT3549

Third Party Advisory

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

Third Party Advisory

US Government Resource

http://www.vupen.com/english/advisories/2009/1297

Third Party Advisory

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Broken Link

Mailing List

http://secunia.com/advisories/35379

Third Party Advisory

http://support.apple.com/kb/HT3613

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1522

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/31982

Third Party Advisory

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT3639

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1621

Third Party Advisory

http://secunia.com/advisories/31558

Third Party Advisory

http://secunia.com/advisories/31855

Third Party Advisory

http://secunia.com/advisories/32807

Third Party Advisory

http://secunia.com/advisories/32974

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200812-06.xml

Third Party Advisory

http://wiki.rpath.com/Advisories:rPSA-2008-0325

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2008:192

Broken Link

https://usn.ubuntu.com/644-1/

Third Party Advisory

http://lists.apple.com/archives/security-announce/2009/May/msg00000.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/31860

Third Party Advisory

http://secunia.com/advisories/32265

Third Party Advisory

http://secunia.com/advisories/32280

Third Party Advisory

http://secunia.com/advisories/33715

Third Party Advisory

http://secunia.com/advisories/33722

Third Party Advisory

http://secunia.com/advisories/35056

Third Party Advisory

http://secunia.com/advisories/36173

Third Party Advisory

http://secunia.com/advisories/36235

Third Party Advisory

http://securitytracker.com/id?1020855

Third Party Advisory

VDB Entry

http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1

Broken Link

http://support.apple.com/kb/HT3550

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm

Third Party Advisory

http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm

Third Party Advisory

http://www.debian.org/security/2008/dsa-1654

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0884.html

Third Party Advisory

http://www.securityfocus.com/bid/31126

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-815-1

Third Party Advisory

http://www.vupen.com/english/advisories/2008/2822

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1298

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=461015

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/45085

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103

Third Party Advisory

https://www.exploit-db.com/exploits/8798

Third Party Advisory

Exploit

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2008-3529

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3529

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3529

EUVD