libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
History
02 Feb 2024, 15:02
Type | Values Removed | Values Added |
---|---|---|
References | http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html - Mailing List | |
References | http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html - Broken Link, Mailing List | |
References | http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html - Mailing List | |
References | http://lists.vmware.com/pipermail/security-announce/2008/000039.html - Broken Link | |
References | http://mail.gnome.org/archives/xml/2008-August/msg00034.html - Mailing List, Patch | |
References | http://secunia.com/advisories/31558 - Broken Link | |
References | http://secunia.com/advisories/31566 - Broken Link | |
References | http://secunia.com/advisories/31590 - Broken Link | |
References | http://secunia.com/advisories/31728 - Broken Link | |
References | http://secunia.com/advisories/31748 - Broken Link | |
References | http://secunia.com/advisories/31855 - Broken Link | |
References | http://secunia.com/advisories/31982 - Broken Link | |
References | http://secunia.com/advisories/32488 - Broken Link | |
References | http://secunia.com/advisories/32807 - Broken Link | |
References | http://secunia.com/advisories/32974 - Broken Link | |
References | http://secunia.com/advisories/35379 - Broken Link | |
References | http://security.gentoo.org/glsa/glsa-200812-06.xml - Third Party Advisory | |
References | http://support.apple.com/kb/HT3613 - Third Party Advisory | |
References | http://support.apple.com/kb/HT3639 - Third Party Advisory | |
References | http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772 - Broken Link | |
References | http://wiki.rpath.com/Advisories:rPSA-2008-0325 - Broken Link | |
References | http://www.debian.org/security/2008/dsa-1631 - Mailing List, Third Party Advisory | |
References | http://www.mandriva.com/security/advisories?name=MDVSA-2008:180 - Broken Link | |
References | http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 - Broken Link | |
References | http://www.securityfocus.com/archive/1/497962/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry | |
References | http://www.securityfocus.com/bid/30783 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | http://www.securitytracker.com/id?1020728 - Broken Link, Third Party Advisory, VDB Entry | |
References | http://www.ubuntu.com/usn/usn-640-1 - Third Party Advisory | |
References | http://www.vmware.com/security/advisories/VMSA-2008-0017.html - Third Party Advisory | |
References | http://www.vupen.com/english/advisories/2008/2419 - Broken Link | |
References | http://www.vupen.com/english/advisories/2008/2843 - Broken Link | |
References | http://www.vupen.com/english/advisories/2008/2971 - Broken Link | |
References | http://www.vupen.com/english/advisories/2009/1522 - Broken Link | |
References | http://www.vupen.com/english/advisories/2009/1621 - Broken Link | |
References | http://xmlsoft.org/news.html - Release Notes | |
References | https://bugzilla.redhat.com/show_bug.cgi?id=458086 - Issue Tracking | |
References | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496 - Broken Link | |
References | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812 - Broken Link | |
References | https://rhn.redhat.com/errata/RHSA-2008-0836.html - Third Party Advisory | |
References | https://usn.ubuntu.com/644-1/ - Broken Link | |
References | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html - Mailing List | |
References | https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html - Mailing List | |
CVSS | v2 : (none), v3 : (none) | v2 : 4.3, v3 : 6.5 |
First Time | | Apple safari, Canonical, Redhat enterprise Linux Desktop, Fedoraproject fedora, Vmware, Fedoraproject, Canonical ubuntu Linux, Debian, Redhat enterprise Linux Eus, Redhat enterprise Linux Server, Redhat, Vmware esx, Debian debian Linux, Apple, Apple iphone Os, Redhat enterprise Linux Workstation |
CWE | CWE-776 | |
CPE | cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:5.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:* cpe:2.3:o:vmware:esx:2.5.5:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:4.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* cpe:2.3:o:vmware:esx:2.5.4:*:*:*:*:*:*:* cpe:2.3:o:vmware:esx:3.0.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* |
Information
Published : 2008-08-27 20:41
Updated : 2024-02-02 15:02
NVD link : CVE-2008-3281
Mitre link : CVE-2008-3281
CVE.ORG link : CVE-2008-3281
Products Affected
vmware
- esx
xmlsoft
- libxml2
apple
- iphone_os
- safari
debian
- debian_linux
fedoraproject
- fedora
redhat
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_eus
canonical
- ubuntu_linux
CWE
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')