5

CVE-2008-5185

The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GeshiGeshi Version <= 1.0.7.22
GeshiGeshi Version1.0.0
GeshiGeshi Version1.0.1
GeshiGeshi Version1.0.2
GeshiGeshi Version1.0.2_beta_1
GeshiGeshi Version1.0.3
GeshiGeshi Version1.0.4
GeshiGeshi Version1.0.5
GeshiGeshi Version1.0.6
GeshiGeshi Version1.0.7
GeshiGeshi Version1.0.7.1
GeshiGeshi Version1.0.7.2
GeshiGeshi Version1.0.7.3
GeshiGeshi Version1.0.7.4
GeshiGeshi Version1.0.7.5
GeshiGeshi Version1.0.7.6
GeshiGeshi Version1.0.7.7
GeshiGeshi Version1.0.7.8
GeshiGeshi Version1.0.7.9
GeshiGeshi Version1.0.7.10
GeshiGeshi Version1.0.7.11
GeshiGeshi Version1.0.7.12
GeshiGeshi Version1.0.7.13
GeshiGeshi Version1.0.7.14
GeshiGeshi Version1.0.7.15
GeshiGeshi Version1.0.7.16
GeshiGeshi Version1.0.7.17
GeshiGeshi Version1.0.7.18
GeshiGeshi Version1.0.7.19
GeshiGeshi Version1.0.7.20
GeshiGeshi Version1.0.7.21
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.89% 0.889
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://geshi.svn.sourceforge.net/viewvc/geshi/trunk/geshi-1.0.X/src/geshi.php?r1=1321&r2=1322&view=patch
http://www.openwall.com/lists/oss-security/2008/11/20/4
http://www.securityfocus.com/bid/32377
https://exchange.xforce.ibmcloud.com/vulnerabilities/46769