OpenCVE

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Safari
Canonical	Ubuntu Linux
Debian	Debian Linux
Redhat	Enterprise Linux
Xmlsoft	Libxml2

Configuration 1 [-]

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x:10.5.7:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
libxml2-0:2.4.19-11.ent	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0886	2008-09-11T00:00:00Z
Red Hat Enterprise Linux 3
libxml2-0:2.5.10-13	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0884	2008-09-11T00:00:00Z
Red Hat Enterprise Linux 4
libxml2-0:2.6.16-12.5	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0884	2008-09-11T00:00:00Z
Red Hat Enterprise Linux 5
libxml2-0:2.6.26-2.1.2.6	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0884	2008-09-11T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://secunia.com/advisories/31558
http://secunia.com/advisories/31855
http://secunia.com/advisories/31860
http://secunia.com/advisories/31868
http://secunia.com/advisories/31982
http://secunia.com/advisories/32265
http://secunia.com/advisories/32280
http://secunia.com/advisories/32807
http://secunia.com/advisories/32974
http://secunia.com/advisories/33715
http://secunia.com/advisories/33722
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://secunia.com/advisories/35379
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://securitytracker.com/id?1020855
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3550
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0325
http://www.debian.org/security/2008/dsa-1654
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
http://www.redhat.com/support/errata/RHSA-2008-0884.html
http://www.redhat.com/support/errata/RHSA-2008-0886.html
http://www.securityfocus.com/bid/31126
http://www.ubuntu.com/usn/USN-815-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2008/2822
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://xmlsoft.org/news.html
https://bugzilla.redhat.com/show_bug.cgi?id=461015
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
https://nvd.nist.gov/vuln/detail/CVE-2008-3529
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
https://usn.ubuntu.com/644-1/
https://www.cve.org/CVERecord?id=CVE-2008-3529
https://www.exploit-db.com/exploits/8798

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-09-12T16:00:00

Updated: 2024-08-07T09:45:18.156Z

Reserved: 2008-08-07T00:00:00

Link: CVE-2008-3529

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-12T16:56:20.493

Modified: 2023-02-13T02:19:25.937

Link: CVE-2008-3529

Redhat

Severity : Important

Publid Date: 2008-09-11T00:00:00Z

Links: CVE-2008-3529 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object