Lucene search

[email protected]CVE-2008-3281

HistoryAug 27, 2008 - 8:41 p.m.

CVE-2008-3281

2008-08-2720:41:00

CWE-776

[email protected]

web.nvd.nist.gov

libxml2

cve-2008-3281

denial of service

memory consumption

cpu consumption

xml

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Affected configurations

NVD

Node

xmlsoftlibxml2Range≤2.6.32

Node

applesafariRange<4.0

appleiphone_osRange1.0.0–3.0

Node

fedoraprojectfedoraMatch9

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch7.04

canonicalubuntu_linuxMatch7.10

canonicalubuntu_linuxMatch8.04

Node

debiandebian_linuxMatch4.0

Node

redhatenterprise_linux_desktopMatch3.0

redhatenterprise_linux_desktopMatch4.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_eusMatch4.7

redhatenterprise_linux_eusMatch5.2

redhatenterprise_linux_serverMatch2.0

redhatenterprise_linux_serverMatch3.0

redhatenterprise_linux_serverMatch4.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_workstationMatch2.0

redhatenterprise_linux_workstationMatch3.0

redhatenterprise_linux_workstationMatch4.0

redhatenterprise_linux_workstationMatch5.0

Node

vmwareesxMatch2.5.4

vmwareesxMatch2.5.5

vmwareesxMatch3.0.2

vmwareesxMatch3.0.3

CPENameOperatorVersion
xmlsoft:libxml2xmlsoft libxml2le2.6.32

CPE	Name	Operator	Version
xmlsoft:libxml2	xmlsoft libxml2	le	2.6.32

References

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

lists.vmware.com/pipermail/security-announce/2008/000039.html

mail.gnome.org/archives/xml/2008-August/msg00034.html

secunia.com/advisories/31558

secunia.com/advisories/31566

secunia.com/advisories/31590

secunia.com/advisories/31728

secunia.com/advisories/31748

secunia.com/advisories/31855

secunia.com/advisories/31982

secunia.com/advisories/32488

secunia.com/advisories/32807

secunia.com/advisories/32974

secunia.com/advisories/35379

security.gentoo.org/glsa/glsa-200812-06.xml

support.apple.com/kb/HT3613

support.apple.com/kb/HT3639

svn.gnome.org/viewvc/libxml2?view=revision&revision=3772

wiki.rpath.com/Advisories:rPSA-2008-0325

www.debian.org/security/2008/dsa-1631

www.mandriva.com/security/advisories?name=MDVSA-2008:180

www.mandriva.com/security/advisories?name=MDVSA-2008:192

www.securityfocus.com/archive/1/497962/100/0/threaded

www.securityfocus.com/bid/30783

www.securitytracker.com/id?1020728

www.ubuntu.com/usn/usn-640-1

www.vmware.com/security/advisories/VMSA-2008-0017.html

www.vupen.com/english/advisories/2008/2419

www.vupen.com/english/advisories/2008/2843

www.vupen.com/english/advisories/2008/2971

www.vupen.com/english/advisories/2009/1522

www.vupen.com/english/advisories/2009/1621

xmlsoft.org/news.html

bugzilla.redhat.com/show_bug.cgi?id=458086

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812

rhn.redhat.com/errata/RHSA-2008-0836.html

usn.ubuntu.com/644-1/

www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html

www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for CVE-2008-3281

nessus21 openvas32 altlinux4 prion2 debian2 ubuntucve2 ubuntu2 seebug1 securityvulns2 fedora2 nvd2 debiancve2 centos2 redhat1 oraclelinux1 cvelist2 freebsd1 cve1 vmware2 gentoo1