CVE-2008-4226

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-4226
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/32762 Vendor Advisory
http://secunia.com/advisories/32764 Vendor Advisory
http://secunia.com/advisories/32766 Vendor Advisory
http://secunia.com/advisories/32773 Vendor Advisory
http://secunia.com/advisories/32802 Vendor Advisory
http://secunia.com/advisories/32807 Vendor Advisory
http://secunia.com/advisories/32811 Vendor Advisory
http://secunia.com/advisories/32872
http://secunia.com/advisories/32974
http://secunia.com/advisories/33417
http://secunia.com/advisories/33746
http://secunia.com/advisories/33792
http://secunia.com/advisories/34247
http://secunia.com/advisories/35379
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://securitytracker.com/id?1021238
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0325
http://www.debian.org/security/2008/dsa-1666 Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:231
http://www.osvdb.org/49993
http://www.redhat.com/support/errata/RHSA-2008-0988.html
http://www.securityfocus.com/bid/32326
http://www.ubuntu.com/usn/usn-673-1
http://www.vmware.com/security/advisories/VMSA-2009-0001.html
http://www.vupen.com/english/advisories/2008/3176
http://www.vupen.com/english/advisories/2009/0034
http://www.vupen.com/english/advisories/2009/0301
http://www.vupen.com/english/advisories/2009/0323
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10 Patch
https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=470466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://secunia.com/advisories/32762 Vendor Advisory
http://secunia.com/advisories/32764 Vendor Advisory
http://secunia.com/advisories/32766 Vendor Advisory
http://secunia.com/advisories/32773 Vendor Advisory
http://secunia.com/advisories/32802 Vendor Advisory
http://secunia.com/advisories/32807 Vendor Advisory
http://secunia.com/advisories/32811 Vendor Advisory
http://secunia.com/advisories/32872
http://secunia.com/advisories/32974
http://secunia.com/advisories/33417
http://secunia.com/advisories/33746
http://secunia.com/advisories/33792
http://secunia.com/advisories/34247
http://secunia.com/advisories/35379
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://securitytracker.com/id?1021238
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0325
http://www.debian.org/security/2008/dsa-1666 Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2008:231
http://www.osvdb.org/49993
http://www.redhat.com/support/errata/RHSA-2008-0988.html
http://www.securityfocus.com/bid/32326
http://www.ubuntu.com/usn/usn-673-1
http://www.vmware.com/security/advisories/VMSA-2009-0001.html
http://www.vupen.com/english/advisories/2008/3176
http://www.vupen.com/english/advisories/2009/0034
http://www.vupen.com/english/advisories/2009/0301
http://www.vupen.com/english/advisories/2009/0323
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10 Patch
https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=470466
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:xmlsoft:libxml:2.7.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:51

Type Values Removed Values Added
References () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 - () http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 -
References () http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html - () http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html -
References () http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html - () http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html -
References () http://secunia.com/advisories/32762 - Vendor Advisory () http://secunia.com/advisories/32762 - Vendor Advisory
References () http://secunia.com/advisories/32764 - Vendor Advisory () http://secunia.com/advisories/32764 - Vendor Advisory
References () http://secunia.com/advisories/32766 - Vendor Advisory () http://secunia.com/advisories/32766 - Vendor Advisory
References () http://secunia.com/advisories/32773 - Vendor Advisory () http://secunia.com/advisories/32773 - Vendor Advisory
References () http://secunia.com/advisories/32802 - Vendor Advisory () http://secunia.com/advisories/32802 - Vendor Advisory
References () http://secunia.com/advisories/32807 - Vendor Advisory () http://secunia.com/advisories/32807 - Vendor Advisory
References () http://secunia.com/advisories/32811 - Vendor Advisory () http://secunia.com/advisories/32811 - Vendor Advisory
References () http://secunia.com/advisories/32872 - () http://secunia.com/advisories/32872 -
References () http://secunia.com/advisories/32974 - () http://secunia.com/advisories/32974 -
References () http://secunia.com/advisories/33417 - () http://secunia.com/advisories/33417 -
References () http://secunia.com/advisories/33746 - () http://secunia.com/advisories/33746 -
References () http://secunia.com/advisories/33792 - () http://secunia.com/advisories/33792 -
References () http://secunia.com/advisories/34247 - () http://secunia.com/advisories/34247 -
References () http://secunia.com/advisories/35379 - () http://secunia.com/advisories/35379 -
References () http://secunia.com/advisories/36173 - () http://secunia.com/advisories/36173 -
References () http://secunia.com/advisories/36235 - () http://secunia.com/advisories/36235 -
References () http://security.gentoo.org/glsa/glsa-200812-06.xml - () http://security.gentoo.org/glsa/glsa-200812-06.xml -
References () http://securitytracker.com/id?1021238 - () http://securitytracker.com/id?1021238 -
References () http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974 - () http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 -
References () http://support.apple.com/kb/HT3613 - () http://support.apple.com/kb/HT3613 -
References () http://support.apple.com/kb/HT3639 - () http://support.apple.com/kb/HT3639 -
References () http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm - () http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm -
References () http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm - () http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm -
References () http://wiki.rpath.com/Advisories:rPSA-2008-0325 - () http://wiki.rpath.com/Advisories:rPSA-2008-0325 -
References () http://www.debian.org/security/2008/dsa-1666 - Patch () http://www.debian.org/security/2008/dsa-1666 - Patch
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:231 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:231 -
References () http://www.osvdb.org/49993 - () http://www.osvdb.org/49993 -
References () http://www.redhat.com/support/errata/RHSA-2008-0988.html - () http://www.redhat.com/support/errata/RHSA-2008-0988.html -
References () http://www.securityfocus.com/bid/32326 - () http://www.securityfocus.com/bid/32326 -
References () http://www.ubuntu.com/usn/usn-673-1 - () http://www.ubuntu.com/usn/usn-673-1 -
References () http://www.vmware.com/security/advisories/VMSA-2009-0001.html - () http://www.vmware.com/security/advisories/VMSA-2009-0001.html -
References () http://www.vupen.com/english/advisories/2008/3176 - () http://www.vupen.com/english/advisories/2008/3176 -
References () http://www.vupen.com/english/advisories/2009/0034 - () http://www.vupen.com/english/advisories/2009/0034 -
References () http://www.vupen.com/english/advisories/2009/0301 - () http://www.vupen.com/english/advisories/2009/0301 -
References () http://www.vupen.com/english/advisories/2009/0323 - () http://www.vupen.com/english/advisories/2009/0323 -
References () http://www.vupen.com/english/advisories/2009/1522 - () http://www.vupen.com/english/advisories/2009/1522 -
References () http://www.vupen.com/english/advisories/2009/1621 - () http://www.vupen.com/english/advisories/2009/1621 -
References () https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10 - Patch () https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10 - Patch
References () https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9 - Patch () https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9 - Patch
References () https://bugzilla.redhat.com/show_bug.cgi?id=470466 - () https://bugzilla.redhat.com/show_bug.cgi?id=470466 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888 -
References () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html - () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html -
References () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html - () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html -
Information

Published : 2008-11-25 23:30

Updated : 2024-11-21 00:51

NVD link : CVE-2008-4226

Mitre link : CVE-2008-4226

CVE.ORG link : CVE-2008-4226

JSON object : View

Products Affected

xmlsoft

  • libxml
CWE
CWE-399

Resource Management Errors


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024