CVE-2008-4225
Date: (C)2008-11-25   (M)2018-06-02


Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score: 7.8
Exploit Score: 10.0
Impact Score: 6.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE

Reference:
SECTRACK-1021239
SUNALERT-251406
SUNALERT-261688
SUNALERT-265329
BID-32331
SECUNIA-32762
SECUNIA-32764
SECUNIA-32766
SECUNIA-32773
SECUNIA-32802
SECUNIA-32807
SECUNIA-32811
SECUNIA-32974
SECUNIA-33417
SECUNIA-33746
SECUNIA-33792
SECUNIA-34247
SECUNIA-35379
SECUNIA-36173
SECUNIA-36235
OSVDB-49992
ADV-2008-3176
ADV-2009-0034
ADV-2009-0301
ADV-2009-0323
ADV-2009-1522
ADV-2009-1621
APPLE-SA-2009-06-08-1
APPLE-SA-2009-06-17-1
DSA-1666
FEDORA-2008-9729
FEDORA-2008-9773
GLSA-200812-06
IAVM:2009-B-0006
MDVSA-2008:231
RHSA-2008:0988
SSA:2008-324-01
USN-673-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0325
http://www.vmware.com/security/advisories/VMSA-2009-0001.html
https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc10
https://admin.fedoraproject.org/updates/libxml2-2.7.2-2.fc9
https://bugzilla.redhat.com/show_bug.cgi?id=470480

CWE    1
CWE-189
OVAL    5
oval:org.mitre.oval:def:7803
oval:org.secpod.oval:def:101485
oval:org.secpod.oval:def:17247
oval:org.secpod.oval:def:17282
...

© SecPod Technologies