ID |
CVE-2008-4226 |
Summary |
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 10.0 (as of 29-09-2017 - 01:32) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-399 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE | COMPLETE | COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
oval
via4
|
accepted | 2009-03-23T04:00:21.430-04:00 | class | vulnerability | contributors | name | Pai Peng | organization | Hewlett-Packard |
| definition_extensions | comment | Solaris 9 (SPARC) is installed | oval | oval:org.mitre.oval:def:1457 |
comment | Solaris 10 (SPARC) is installed | oval | oval:org.mitre.oval:def:1440 |
comment | Solaris 9 (x86) is installed | oval | oval:org.mitre.oval:def:1683 |
comment | Solaris 10 (x86) is installed | oval | oval:org.mitre.oval:def:1926 |
| description | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | family | unix | id | oval:org.mitre.oval:def:6219 | status | accepted | submitted | 2009-02-13T15:56:00.000-05:00 | title | Security Vulnerabilities in the libxml2 Library Routines xmlSAX2Characters() May Lead to Arbitrary Code Execution or Denial of Service (DoS) | version | 35 |
accepted | 2010-05-17T04:00:14.937-04:00 | class | vulnerability | contributors | name | Michael Wood | organization | Hewlett-Packard |
name | Michael Wood | organization | Hewlett-Packard |
name | J. Daniel Brown | organization | DTCC |
| definition_extensions | comment | VMWare ESX Server 3.0.3 is installed | oval | oval:org.mitre.oval:def:6026 |
comment | VMWare ESX Server 3.0.2 is installed | oval | oval:org.mitre.oval:def:5613 |
comment | VMware ESX Server 3.5.0 is installed | oval | oval:org.mitre.oval:def:5887 |
| description | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | family | unix | id | oval:org.mitre.oval:def:6360 | status | accepted | submitted | 2009-09-23T15:39:02.000-04:00 | title | Libxml2 Integer Overflow in xmlSAX2Characters() May Let Remote Users Execute Arbitrary Code | version | 5 |
accepted | 2013-04-29T04:23:04.825-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | family | unix | id | oval:org.mitre.oval:def:9888 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | version | 30 |
|
redhat
via4
|
advisories | bugzilla | id | 470480 | title | CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | libxml2 is earlier than 0:2.6.16-12.6 | oval | oval:com.redhat.rhsa:tst:20080988001 |
comment | libxml2 is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080032002 |
|
AND | comment | libxml2-devel is earlier than 0:2.6.16-12.6 | oval | oval:com.redhat.rhsa:tst:20080988003 |
comment | libxml2-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080032004 |
|
AND | comment | libxml2-python is earlier than 0:2.6.16-12.6 | oval | oval:com.redhat.rhsa:tst:20080988005 |
comment | libxml2-python is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20080032006 |
|
|
|
AND | comment | Red Hat Enterprise Linux 5 is installed | oval | oval:com.redhat.rhba:tst:20070331005 |
OR | AND | comment | libxml2 is earlier than 0:2.6.26-2.1.2.7 | oval | oval:com.redhat.rhsa:tst:20080988008 |
comment | libxml2 is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20080032009 |
|
AND | comment | libxml2-devel is earlier than 0:2.6.26-2.1.2.7 | oval | oval:com.redhat.rhsa:tst:20080988010 |
comment | libxml2-devel is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20080032011 |
|
AND | comment | libxml2-python is earlier than 0:2.6.26-2.1.2.7 | oval | oval:com.redhat.rhsa:tst:20080988012 |
comment | libxml2-python is signed with Red Hat redhatrelease key | oval | oval:com.redhat.rhsa:tst:20080032013 |
|
|
|
|
| rhsa | id | RHSA-2008:0988 | released | 2008-11-17 | severity | Important | title | RHSA-2008:0988: libxml2 security update (Important) |
|
| rpms | - libxml2-0:2.4.19-12.ent
- libxml2-0:2.5.10-14
- libxml2-0:2.6.16-12.6
- libxml2-0:2.6.26-2.1.2.7
- libxml2-debuginfo-0:2.5.10-14
- libxml2-debuginfo-0:2.6.16-12.6
- libxml2-debuginfo-0:2.6.26-2.1.2.7
- libxml2-devel-0:2.4.19-12.ent
- libxml2-devel-0:2.5.10-14
- libxml2-devel-0:2.6.16-12.6
- libxml2-devel-0:2.6.26-2.1.2.7
- libxml2-python-0:2.4.19-12.ent
- libxml2-python-0:2.5.10-14
- libxml2-python-0:2.6.16-12.6
- libxml2-python-0:2.6.26-2.1.2.7
|
|
refmap
via4
|
apple | - APPLE-SA-2009-06-08-1
- APPLE-SA-2009-06-17-1
| bid | 32326 | confirm | | debian | DSA-1666 | fedora | - FEDORA-2008-9729
- FEDORA-2008-9773
| gentoo | GLSA-200812-06 | hp | | mandriva | MDVSA-2008:231 | osvdb | 49993 | sectrack | 1021238 | secunia | - 32762
- 32764
- 32766
- 32773
- 32802
- 32807
- 32811
- 32872
- 32974
- 33417
- 33746
- 33792
- 34247
- 35379
- 36173
- 36235
| slackware | SSA:2008-324-01 | sunalert | | suse | SUSE-SR:2008:026 | ubuntu | USN-673-1 | vupen | - ADV-2008-3176
- ADV-2009-0034
- ADV-2009-0301
- ADV-2009-0323
- ADV-2009-1522
- ADV-2009-1621
|
|
Last major update |
29-09-2017 - 01:32 |
Published |
25-11-2008 - 23:30 |
Last modified |
29-09-2017 - 01:32 |