CVE-2007-6284

medium

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

References

http://bugs.gentoo.org/show_bug.cgi?id=202628

http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

http://lists.vmware.com/pipermail/security-announce/2008/000009.html

http://mail.gnome.org/archives/xml/2008-January/msg00036.html

http://secunia.com/advisories/28439

http://secunia.com/advisories/28444

http://secunia.com/advisories/28450

http://secunia.com/advisories/28452

http://secunia.com/advisories/28458

http://secunia.com/advisories/28466

http://secunia.com/advisories/28470

http://secunia.com/advisories/28475

http://secunia.com/advisories/28636

http://secunia.com/advisories/28716

http://secunia.com/advisories/28740

http://secunia.com/advisories/29591

http://secunia.com/advisories/31074

http://security.gentoo.org/glsa/glsa-200801-20.xml

http://securitytracker.com/id?1019181

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1

http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm

http://www.debian.org/security/2008/dsa-1461

http://www.mandriva.com/security/advisories?name=MDVSA-2008:010

http://www.novell.com/linux/security/advisories/suse_security_summary_report.html

http://www.redhat.com/support/errata/RHSA-2008-0032.html

http://www.securityfocus.com/archive/1/486410/100/0/threaded

http://www.securityfocus.com/archive/1/490306/100/0/threaded

http://www.securityfocus.com/bid/27248

http://www.vupen.com/english/advisories/2008/0117

http://www.vupen.com/english/advisories/2008/0144

http://www.vupen.com/english/advisories/2008/1033/references

http://www.vupen.com/english/advisories/2008/2094/references

http://www.xmlsoft.org/news.html

https://bugzilla.redhat.com/show_bug.cgi?id=425927

https://issues.rpath.com/browse/RPL-2121

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216

https://usn.ubuntu.com/569-1/

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html

https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html

Details

Source: MITRE

Published: 2008-01-12

Updated: 2018-10-15

Type: CWE-399

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 79462 | OracleVM 2.1 : libxml2 (OVMSA-2009-0018) | Nessus | OracleVM Local Security Checks | critical |
| 67637 | Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0032) | Nessus | Oracle Linux Local Security Checks | medium |
| 60342 | Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 41179 | SuSE9 Security Update : libxml2 (YOU Patch Number 12032) | Nessus | SuSE Local Security Checks | medium |
| 40376 | VMSA-2008-0006 : Updated libxml2 service console package | Nessus | VMware ESX Local Security Checks | medium |
| 36842 | Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:010) | Nessus | Mandriva Local Security Checks | medium |
| 33278 | VLC Media Player < 0.8.6h Multiple Vulnerabilities | Nessus | Windows | high |
| 30137 | GLSA-200801-20 : libxml2: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
| 30095 | openSUSE 10 Security Update : libxml2 (libxml2-4841) | Nessus | SuSE Local Security Checks | medium |
| 30094 | SuSE 10 Security Update : libxml2 (ZYPP Patch Number 4840) | Nessus | SuSE Local Security Checks | medium |
| 29979 | Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libxml2 vulnerability (USN-569-1) | Nessus | Ubuntu Local Security Checks | medium |
| 29954 | RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0032) | Nessus | Red Hat Local Security Checks | medium |
| 29943 | Fedora 7 : libxml2-2.6.31-1.fc7 (2008-0477) | Nessus | Fedora Local Security Checks | medium |
| 29940 | Fedora 8 : libxml2-2.6.31-1.fc8 (2008-0462) | Nessus | Fedora Local Security Checks | medium |
| 29938 | Debian DSA-1461-1 : libxml2 - missing input validation | Nessus | Debian Local Security Checks | medium |
| 29932 | CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0032) | Nessus | CentOS Local Security Checks | medium |
| 4562 | VLC Media Player < 0.8.6h Multiple Vulnerabilities (deprecated) | Nessus Network Monitor | Web Clients | high |