ID CVE-2008-4409
Summary libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.
Patch Information - http://www.securityfocus.com/bid/30783/solution
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
apple
  • APPLE-SA-2009-06-08-1
  • APPLE-SA-2009-06-17-1
bid 31555
confirm
fedora
  • FEDORA-2008-8575
  • FEDORA-2008-8582
gentoo GLSA-200812-06
mandriva MDVSA-2008:212
mlist [oss-security] 20081002 libxml2 "ampproblem" DoS
secunia
  • 32130
  • 32175
  • 32974
  • 35379
vupen
  • ADV-2009-1522
  • ADV-2009-1621
xf libxml2-xml-file-dos(45633)
statements via4
contributor Tomas Hoger
lastmodified 2017-08-07
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Last major update 08-08-2017 - 01:32
Published 03-10-2008 - 17:41