cpe:/a:xmlsoft:libxslt:1.1.8 cpe:/a:xmlsoft:libxslt:1.1.9 cpe:/a:xmlsoft:libxslt:1.1.10 cpe:/a:xmlsoft:libxslt:1.1.11 cpe:/a:xmlsoft:libxslt:1.1.12 cpe:/a:xmlsoft:libxslt:1.1.13 cpe:/a:xmlsoft:libxslt:1.1.14 cpe:/a:xmlsoft:libxslt:1.1.15 cpe:/a:xmlsoft:libxslt:1.1.16 cpe:/a:xmlsoft:libxslt:1.1.17 cpe:/a:xmlsoft:libxslt:1.1.18 cpe:/a:xmlsoft:libxslt:1.1.19 cpe:/a:xmlsoft:libxslt:1.1.20 cpe:/a:xmlsoft:libxslt:1.1.21 cpe:/a:xmlsoft:libxslt:1.1.22 cpe:/a:xmlsoft:libxslt:1.1.23 cpe:/a:xmlsoft:libxslt:1.1.24 CVE-2008-2935 2008-08-01T10:41:00.000-04:00 2017-09-28T21:31:25.570-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-08-01T14:50:00.000-04:00 SECTRACK 1020596 BUGTRAQ 20080731 [oCERT-2008-009] libxslt heap overflow BUGTRAQ 20080801 libxslt heap overflow BUGTRAQ 20081027 rPSA-2008-0306-1 libxslt BID 30467 SECUNIA 31230 SECUNIA 31310 SECUNIA 31331 SECUNIA 31363 SECUNIA 31395 SECUNIA 31399 SECUNIA 32453 SREASON 4078 VUPEN ADV-2008-2266 DEBIAN DSA-1624 FEDORA FEDORA-2008-7029 FEDORA FEDORA-2008-7062 GENTOO GLSA-200808-06 MANDRIVA MDVSA-2008:160 REDHAT RHSA-2008:0649 UBUNTU USN-633-1 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306 MISC http://www.ocert.org/advisories/ocert-2008-009.html MISC http://www.ocert.org/patches/exslt_crypt.patch MISC http://www.scary.beasts.org/security/CESA-2008-003.html XF libxslt-multiple-crypto-bo(44141) Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."