10

CVE-2008-3529

Exploit
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version < 2.7.0
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
AppleSafari Version < 4.0
AppleSafari Version >= 3.2.0 < 3.2.3
AppleiPhone OS Version < 3.0
ApplemacOS X Version < 10.5.7
ApplemacOS X Version10.5.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.37% 0.975
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/31868
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0886.html
Third Party Advisory
http://xmlsoft.org/news.html
Vendor Advisory
Release Notes
http://secunia.com/advisories/35074
Third Party Advisory
http://support.apple.com/kb/HT3549
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Broken Link
Mailing List
http://secunia.com/advisories/35379
Third Party Advisory
http://support.apple.com/kb/HT3613
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1522
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/31982
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT3639
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1621
Third Party Advisory
http://secunia.com/advisories/31558
Third Party Advisory
http://secunia.com/advisories/31855
Third Party Advisory
http://secunia.com/advisories/32807
Third Party Advisory
http://secunia.com/advisories/32974
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-06.xml
Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0325
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
Broken Link
https://usn.ubuntu.com/644-1/
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/31860
Third Party Advisory
http://secunia.com/advisories/32265
Third Party Advisory
http://secunia.com/advisories/32280
Third Party Advisory
http://secunia.com/advisories/33715
Third Party Advisory
http://secunia.com/advisories/33722
Third Party Advisory
http://secunia.com/advisories/35056
Third Party Advisory
http://secunia.com/advisories/36173
Third Party Advisory
http://secunia.com/advisories/36235
Third Party Advisory
http://securitytracker.com/id?1020855
Third Party Advisory
VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
Broken Link
http://support.apple.com/kb/HT3550
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
Third Party Advisory
http://www.debian.org/security/2008/dsa-1654
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0884.html
Third Party Advisory
http://www.securityfocus.com/bid/31126
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-815-1
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2822
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1298
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=461015
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
Third Party Advisory
https://www.exploit-db.com/exploits/8798
Third Party Advisory
Exploit
VDB Entry