PT-2008-1063 · Xmlsoft+1 · Libxml2+1
Tomas Hoger · Published 2008-09-11 · Updated 2023-02-13 · CVE-2008-3529
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libxml2 versions prior to 2.7.0
libxml2 versions prior to 2.7.2
Description
The issue is a heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2. It allows context-dependent attackers to cause a denial of service or execute arbitrary code via a long XML entity name. Multiple vulnerabilities in the libxml2 package may lead to a violation of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.
Recommendations
For libxml2 versions prior to 2.7.0, update to version 2.7.0 or later.
For libxml2 versions prior to 2.7.2, update to version 2.7.2 or later.
As a temporary workaround, consider restricting access to the xmlParseAttValueComplex function in parser.c until a patch is available.
Tags: Exploit, Fix, DoS, Buffer Overflow, XML Entity Expansion
Affected Products
Red Hat
Libxml2