CVE-2008-4225

high
Description

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://secunia.com/advisories/32762

http://secunia.com/advisories/32764

http://secunia.com/advisories/32766

http://secunia.com/advisories/32773

http://secunia.com/advisories/32802

http://secunia.com/advisories/32807

http://secunia.com/advisories/32811

http://secunia.com/advisories/32974

http://secunia.com/advisories/33417

http://secunia.com/advisories/33746

http://secunia.com/advisories/33792

http://secunia.com/advisories/34247

http://secunia.com/advisories/35379

http://secunia.com/advisories/36173

http://secunia.com/advisories/36235

http://security.gentoo.org/glsa/glsa-200812-06.xml

http://securitytracker.com/id?1021239

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974

http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1

http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm

http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm

http://wiki.rpath.com/Advisories:rPSA-2008-0325

http://www.debian.org/security/2008/dsa-1666

http://www.mandriva.com/security/advisories?name=MDVSA-2008:231

http://www.osvdb.org/49992

http://www.redhat.com/support/errata/RHSA-2008-0988.html

http://www.securityfocus.com/bid/32331

http://www.ubuntu.com/usn/usn-673-1

http://www.vmware.com/security/advisories/VMSA-2009-0001.html

http://www.vupen.com/english/advisories/2008/3176

http://www.vupen.com/english/advisories/2009/0034

http://www.vupen.com/english/advisories/2009/0301

http://www.vupen.com/english/advisories/2009/0323

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1621

https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10

https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9

https://bugzilla.redhat.com/show_bug.cgi?id=470480

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10025

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6234

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6415

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html

Details

Source: MITRE

Published: 2008-11-25

Updated: 2017-09-29

Type: CWE-189

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:xmlsoft:libxml:2.7.2:*:*:*:*:*:*:*

Tenable Plugins

53 total

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 107950 | Solaris 10 (x86) : 126357-06 | Nessus | Solaris Local Security Checks | critical |
| 107898 | Solaris 10 (x86) : 123924-11 | Nessus | Solaris Local Security Checks | critical |
| 107871 | Solaris 10 (x86) : 120955-12 | Nessus | Solaris Local Security Checks | critical |
| 107450 | Solaris 10 (sparc) : 126356-06 | Nessus | Solaris Local Security Checks | critical |
| 107395 | Solaris 10 (sparc) : 123923-12 | Nessus | Solaris Local Security Checks | critical |
| 107369 | Solaris 10 (sparc) : 120954-12 | Nessus | Solaris Local Security Checks | critical |
| 79462 | OracleVM 2.1 : libxml2 (OVMSA-2009-0018) | Nessus | OracleVM Local Security Checks | critical |
| 67769 | Oracle Linux 3 / 4 / 5 : libxml2 (ELSA-2008-0988) | Nessus | Oracle Linux Local Security Checks | critical |
| 67170 | Solaris 9 (x86) : 127682-07 | Nessus | Solaris Local Security Checks | critical |
| 67169 | Solaris 9 (x86) : 123922-11 | Nessus | Solaris Local Security Checks | critical |
| 67167 | Solaris 9 (sparc) : 127681-07 | Nessus | Solaris Local Security Checks | critical |
| 67163 | Solaris 8 (sparc) : 127680-07 | Nessus | Solaris Local Security Checks | critical |
| 67153 | Solaris 10 (x86) : 123924-11 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 62272 | Fedora 10 : libxml2-2.7.2-2.fc10 (2008-10038) | Nessus | Fedora Local Security Checks | critical |
| 60496 | Scientific Linux Security Update : libxml2 on SL3.x, SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
| 44085 | Solaris 5.9 (x86) : 126356-03 | Nessus | Solaris Local Security Checks | critical |
| 41257 | SuSE9 Security Update : libxml2 (YOU Patch Number 12301) | Nessus | SuSE Local Security Checks | high |
| 5134 | Sun OpenSSO Enterprise 8.0 < Patch1 Update1 Memory Corruption | Nessus Network Monitor | Web Servers | medium |
| 5133 | Sun Java System Access Manager 7.1 < Patch 3 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | medium |
| 40387 | VMSA-2009-0001 : ESX patches address an issue loading corrupt virtual disks and update Service Console packages | Nessus | VMware ESX Local Security Checks | critical |
| 40057 | openSUSE Security Update : libxml2 (libxml2-314) | Nessus | SuSE Local Security Checks | high |
| 39339 | Safari < 4.0 Multiple Vulnerabilities | Nessus | Windows | high |
| 39338 | Mac OS X : Apple Safari < 4.0 | Nessus | MacOS X Local Security Checks | high |
| 38126 | Solaris 10 (x86) : 120955-12 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 38005 | Solaris 9 (x86) : 120955-12 | Nessus | Solaris Local Security Checks | critical |
| 37692 | CentOS 3 / 4 / 5 : libxml2 (CESA-2008:0988) | Nessus | CentOS Local Security Checks | critical |
| 37632 | Solaris 10 (sparc) : 123923-12 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 37533 | Solaris 9 (sparc) : 120954-12 | Nessus | Solaris Local Security Checks | critical |
| 37490 | Fedora 10 2008-10000 | Nessus | Fedora Local Security Checks | critical |
| 37363 | Solaris 8 (sparc) : 123920-12 | Nessus | Solaris Local Security Checks | critical |
| 37271 | Solaris 8 (sparc) : 120954-12 | Nessus | Solaris Local Security Checks | critical |
| 36916 | Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libxml2 vulnerabilities (USN-673-1) | Nessus | Ubuntu Local Security Checks | critical |
| 36883 | Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:231) | Nessus | Mandriva Local Security Checks | critical |
| 36756 | Solaris 10 (sparc) : 120954-12 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 36354 | Solaris 9 (sparc) : 123921-12 | Nessus | Solaris Local Security Checks | critical |
| 35320 | SuSE 10 Security Update : libxml2 (ZYPP Patch Number 5802) | Nessus | SuSE Local Security Checks | high |
| 35023 | GLSA-200812-06 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 34983 | openSUSE 10 Security Update : libxml2 (libxml2-5799) | Nessus | SuSE Local Security Checks | high |
| 34840 | FreeBSD : libxml2 -- multiple vulnerabilities (f1e0164e-b67b-11dd-a55e-00163e000016) | Nessus | FreeBSD Local Security Checks | critical |
| 34834 | Fedora 9 : libxml2-2.7.2-2.fc9 (2008-9773) | Nessus | Fedora Local Security Checks | critical |
| 34830 | Fedora 8 : libxml2-2.7.2-2.fc8 (2008-9729) | Nessus | Fedora Local Security Checks | critical |
| 34822 | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / current : libxml2 (SSA:2008-324-01) | Nessus | Slackware Local Security Checks | critical |
| 34811 | RHEL 2.1 / 3 / 4 / 5 : libxml2 (RHSA-2008:0988) | Nessus | Red Hat Local Security Checks | critical |
| 34810 | Debian DSA-1666-1 : libxml2 - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 30014 | Solaris 5.9 (x86) : 126357-03 | Nessus | Solaris Local Security Checks | critical |
| 30013 | Solaris 5.9 (sparc) : 126356-03 | Nessus | Solaris Local Security Checks | critical |
| 30012 | Solaris 5.8 (x86) : 126357-03 | Nessus | Solaris Local Security Checks | critical |
| 30011 | Solaris 5.8 (sparc) : 126356-03 | Nessus | Solaris Local Security Checks | critical |
| 30010 | Solaris 5.10 (x86) : 126357-03 | Nessus | Solaris Local Security Checks | critical |
| 30007 | Solaris 5.10 (sparc) : 126356-03 | Nessus | Solaris Local Security Checks | critical |
| 25389 | Solaris 10 (x86) : 119467-17 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 23690 | Solaris 7 (sparc) : 123919-12 | Nessus | Solaris Local Security Checks | critical |
| 23612 | Solaris 9 (x86) : 119467-17 | Nessus | Solaris Local Security Checks | critical |