CVE-2008-3281

Severity

43%

Complexity

86%

Confidentiality

48%

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 16 years ago

2008-08-27 20:41:00

Last updated 6 years ago

2018-10-11 20:47:00

Affected Software

XMLSoft Libxml2 2.4.19

2.4.19

XMLSoft Libxml2 2.4.23

2.4.23

XMLSoft Libxml2 2.5.4

2.5.4

Xmlsoft Libxml2 2.5.10

2.5.10

XMLSoft Libxml2 2.5.11

2.5.11

XMLSoft Libxml2 2.6.0

2.6.0

XMLSoft Libxml2 2.6.1

2.6.1

XMLSoft Libxml2 2.6.2

2.6.2

XMLSoft Libxml2 2.6.3

2.6.3

XMLSoft Libxml2 2.6.11

2.6.11

XMLSoft Libxml2 2.6.12

2.6.12

XMLSoft Libxml2 2.6.13

2.6.13

XMLSoft Libxml2 2.6.14

2.6.14

XMLSoft Libxml2

References

APPLE-SA-2009-06-08-1

APPLE-SA-2009-06-17-1

SUSE-SR:2008:018

[Security-announce] 20081030 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff

[xml] 20080820 Security fix for libxml2

Exploit

31558

31566

31590

31728

31748

31855

31982

32488

32807

32974

35379

GLSA-200812-06

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772

http://wiki.rpath.com/Advisories:rPSA-2008-0325

DSA-1631

MDVSA-2008:180

MDVSA-2008:192

20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff

30783

Patch

1020728

USN-640-1

http://www.vmware.com/security/advisories/VMSA-2008-0017.html

ADV-2008-2419

ADV-2008-2843

ADV-2008-2971

ADV-2009-1522

ADV-2009-1621

http://xmlsoft.org/news.html

https://bugzilla.redhat.com/show_bug.cgi?id=458086

oval:org.mitre.oval:def:6496

oval:org.mitre.oval:def:9812

RHSA-2008:0836

USN-644-1

FEDORA-2008-7594

FEDORA-2008-7395

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.