Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-2935HistoryAug 01, 2008 - 2:41 p.m.
CVE-2008-2935
2008-08-0114:41:00
Debian Security Bug Tracker
security-tracker.debian.org
11
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.18
Percentile
96.2%
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as βan argument in the XSL input.β
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | libxslt | <Β 1.1.24-2 | libxslt_1.1.24-2_all.deb |
| Debian | 11 | all | libxslt | <Β 1.1.24-2 | libxslt_1.1.24-2_all.deb |
| Debian | 999 | all | libxslt | <Β 1.1.24-2 | libxslt_1.1.24-2_all.deb |
| Debian | 13 | all | libxslt | <Β 1.1.24-2 | libxslt_1.1.24-2_all.deb |
Related
openvas
openvas
Oracle: Security Advisory (ELSA-2008-0649)
2015-10-08 00:00:00
SLES10: Security update for libxslt
2009-10-13 00:00:00
SLES10: Security update for libxslt
2009-10-13 00:00:00
nessus
nessus
openSUSE 10 Security Update : libxslt (libxslt-5458)
2008-09-03 00:00:00
Scientific Linux Security Update : libxslt on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
Fedora 9 : libxslt-1.1.24-2.fc9 (2008-7062)
2008-08-08 00:00:00
checkpoint_advisories
checkpoint_advisories
GNOME Project libxslt Library RC4 Key String Buffer Overflow (CVE-2008-2935)
2010-03-11 00:00:00
prion
prion
Heap overflow
2008-08-01 14:41:00
centos
centos
libxslt security update
2008-07-31 17:59:53
seebug
seebug
libxslt RC4ε ε―/解ε―ε½ζ°ε ζΊ’εΊζΌζ΄
2008-08-03 00:00:00
cve
cve
CVE-2008-2935
2008-08-01 14:41:00
securityvulns
securityvulns
[oCERT-2008-009] libxslt heap overflow
2008-08-01 00:00:00
libxslt multiple security vulnerabilities
2008-08-01 00:00:00
redhat
redhat
(RHSA-2008:0649) Moderate: libxslt security update
2008-07-31 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: libxslt-1.1.24-2.fc8
2008-08-07 23:51:46
[SECURITY] Fedora 9 Update: libxslt-1.1.24-2.fc9
2008-08-07 23:53:48
debian
debian
[SECURITY] [DSA 1624-1] New libxslt packages fix arbitrary code execution
2008-07-31 20:19:20
oraclelinux
oraclelinux
libxslt security update
2008-07-31 00:00:00
nvd
nvd
CVE-2008-2935
2008-08-01 14:41:00
ubuntucve
ubuntucve
CVE-2008-2935
2008-08-01 00:00:00
gentoo
gentoo
libxslt: Execution of arbitrary code
2008-08-06 00:00:00
cvelist
cvelist
CVE-2008-2935
2008-08-01 14:00:00
ubuntu
ubuntu
libxslt vulnerabilities
2008-08-01 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.18
Percentile
96.2%
Related for DEBIANCVE:CVE-2008-2935