| ID |
CVE-2008-4226
|
| Summary |
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 10.0 (as of 29-09-2017 - 01:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2009-03-23T04:00:21.430-04:00 | | class | vulnerability | | contributors | | name | Pai Peng | | organization | Hewlett-Packard |
| | definition_extensions | | comment | Solaris 9 (SPARC) is installed | | oval | oval:org.mitre.oval:def:1457 |
| comment | Solaris 10 (SPARC) is installed | | oval | oval:org.mitre.oval:def:1440 |
| comment | Solaris 9 (x86) is installed | | oval | oval:org.mitre.oval:def:1683 |
| comment | Solaris 10 (x86) is installed | | oval | oval:org.mitre.oval:def:1926 |
| | description | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | | family | unix | | id | oval:org.mitre.oval:def:6219 | | status | accepted | | submitted | 2009-02-13T15:56:00.000-05:00 | | title | Security Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS) | | version | 35 |
| accepted | 2010-05-17T04:00:14.937-04:00 | | class | vulnerability | | contributors | | name | Michael Wood | | organization | Hewlett-Packard |
| name | Michael Wood | | organization | Hewlett-Packard |
| name | J. Daniel Brown | | organization | DTCC |
| | definition_extensions | | comment | VMWare ESX Server 3.0.3 is installed | | oval | oval:org.mitre.oval:def:6026 |
| comment | VMWare ESX Server 3.0.2 is installed | | oval | oval:org.mitre.oval:def:5613 |
| comment | VMware ESX Server 3.5.0 is installed | | oval | oval:org.mitre.oval:def:5887 |
| | description | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | | family | unix | | id | oval:org.mitre.oval:def:6360 | | status | accepted | | submitted | 2009-09-23T15:39:02.000-04:00 | | title | Libxml2 Integer Overflow in xmlSAX2Characters() May Let Remote Users Execute Arbitrary Code | | version | 5 |
| accepted | 2013-04-29T04:23:04.825-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | | oval | oval:org.mitre.oval:def:11782 |
| comment | CentOS Linux 3.x | | oval | oval:org.mitre.oval:def:16651 |
| comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | | oval | oval:org.mitre.oval:def:11831 |
| comment | CentOS Linux 4.x | | oval | oval:org.mitre.oval:def:16636 |
| comment | Oracle Linux 4.x | | oval | oval:org.mitre.oval:def:15990 |
| comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | | oval | oval:org.mitre.oval:def:11414 |
| comment | The operating system installed on the system is CentOS Linux 5.x | | oval | oval:org.mitre.oval:def:15802 |
| comment | Oracle Linux 5.x | | oval | oval:org.mitre.oval:def:15459 |
| | description | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | | family | unix | | id | oval:org.mitre.oval:def:9888 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | | version | 30 |
|
| redhat
via4
|
| advisories | | bugzilla | | id | 470480 | | title | CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 4 is installed | | oval | oval:com.redhat.rhba:tst:20070304025 |
| OR | | AND | | comment | libxml2 is earlier than 0:2.6.16-12.6 | | oval | oval:com.redhat.rhsa:tst:20080988001 |
| comment | libxml2 is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20080032002 |
|
| AND | | comment | libxml2-devel is earlier than 0:2.6.16-12.6 | | oval | oval:com.redhat.rhsa:tst:20080988003 |
| comment | libxml2-devel is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20080032004 |
|
| AND | | comment | libxml2-python is earlier than 0:2.6.16-12.6 | | oval | oval:com.redhat.rhsa:tst:20080988005 |
| comment | libxml2-python is signed with Red Hat master key | | oval | oval:com.redhat.rhsa:tst:20080032006 |
|
|
|
| AND | | comment | Red Hat Enterprise Linux 5 is installed | | oval | oval:com.redhat.rhba:tst:20070331005 |
| OR | | AND | | comment | libxml2 is earlier than 0:2.6.26-2.1.2.7 | | oval | oval:com.redhat.rhsa:tst:20080988008 |
| comment | libxml2 is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20080032009 |
|
| AND | | comment | libxml2-devel is earlier than 0:2.6.26-2.1.2.7 | | oval | oval:com.redhat.rhsa:tst:20080988010 |
| comment | libxml2-devel is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20080032011 |
|
| AND | | comment | libxml2-python is earlier than 0:2.6.26-2.1.2.7 | | oval | oval:com.redhat.rhsa:tst:20080988012 |
| comment | libxml2-python is signed with Red Hat redhatrelease key | | oval | oval:com.redhat.rhsa:tst:20080032013 |
|
|
|
|
| | rhsa | | id | RHSA-2008:0988 | | released | 2008-11-17 | | severity | Important | | title | RHSA-2008:0988: libxml2 security update (Important) |
|
| | rpms | - libxml2-0:2.4.19-12.ent
- libxml2-0:2.5.10-14
- libxml2-0:2.6.16-12.6
- libxml2-0:2.6.26-2.1.2.7
- libxml2-debuginfo-0:2.5.10-14
- libxml2-debuginfo-0:2.6.16-12.6
- libxml2-debuginfo-0:2.6.26-2.1.2.7
- libxml2-devel-0:2.4.19-12.ent
- libxml2-devel-0:2.5.10-14
- libxml2-devel-0:2.6.16-12.6
- libxml2-devel-0:2.6.26-2.1.2.7
- libxml2-python-0:2.4.19-12.ent
- libxml2-python-0:2.5.10-14
- libxml2-python-0:2.6.16-12.6
- libxml2-python-0:2.6.26-2.1.2.7
|
|
| refmap
via4
|
| apple | - APPLE-SA-2009-06-08-1
- APPLE-SA-2009-06-17-1
| | bid | 32326 | | confirm | | | debian | DSA-1666 | | fedora | - FEDORA-2008-9729
- FEDORA-2008-9773
| | gentoo | GLSA-200812-06 | | hp | | | mandriva | MDVSA-2008:231 | | osvdb | 49993 | | sectrack | 1021238 | | secunia | - 32762
- 32764
- 32766
- 32773
- 32802
- 32807
- 32811
- 32872
- 32974
- 33417
- 33746
- 33792
- 34247
- 35379
- 36173
- 36235
| | slackware | SSA:2008-324-01 | | sunalert | | | suse | SUSE-SR:2008:026 | | ubuntu | USN-673-1 | | vupen | - ADV-2008-3176
- ADV-2009-0034
- ADV-2009-0301
- ADV-2009-0323
- ADV-2009-1522
- ADV-2009-1621
|
|
| Last major update |
29-09-2017 - 01:32 |
| Published |
25-11-2008 - 23:30 |
| Last modified |
29-09-2017 - 01:32 |
