Lucene search
RootSSV:4524HistoryDec 05, 2008 - 12:00 a.m.
Libxml2预定义实体拒绝服务漏洞
2008-12-0500:00:00
Root
www.seebug.org
13
0.034 Low
EPSS
Percentile
91.5%
BUGTRAQ ID: 31555
CVE(CAN) ID: CVE-2008-4409
libxml2软件包提供允许用户操控XML文件的函数库,包含有读、修改和写XML和HTML文件支持。
libxml2没有正确地处理实体中的预定义实体定义,如果用户受骗打开了恶意的XML文件的话,就可能导致耗尽所有内存,应用程序会崩溃。
XMLSoft Libxml2 2.7.1
XMLSoft Libxml2 2.7.0
Gentoo
Gentoo已经为此发布了一个安全公告(GLSA-200812-06)以及相应补丁:
GLSA-200812-06:libxml2: Multiple vulnerabilities
链接:<a href=“http://security.gentoo.org/glsa/glsa-200812-06.xml” target=“_blank”>http://security.gentoo.org/glsa/glsa-200812-06.xml</a>
所有libxml2用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.2-r1"
<?xml version='1.0' ?>
<!DOCTYPE test [
<!ENTITY ampproblem '&amp;'>
]>
<t a="&ampproblem;">a</t>
Related
openvas
openvas
Mandriva Update for libxml2 MDVSA-2008:212 (libxml2)
2009-04-09 00:00:00
Fedora Update for libxml2 FEDORA-2008-8575
2009-02-17 00:00:00
Mandriva Update for libxml2 MDVSA-2008:212 (libxml2)
2009-04-09 00:00:00
nessus
nessus
Fedora 9 : libxml2-2.7.1-2.fc9 (2008-8575)
2008-10-06 00:00:00
Fedora 8 : libxml2-2.7.1-2.fc8 (2008-8582)
2008-10-06 00:00:00
Mandriva Linux Security Advisory : libxml2 (MDVSA-2008:212)
2009-04-23 00:00:00
securityvulns
securityvulns
[ MDVSA-2008:212 ] libxml2
2008-10-16 00:00:00
libxml memory corruption
2008-10-16 00:00:00
cve
cve
CVE-2008-4422
2022-10-03 16:13:58
CVE-2008-4409
2008-10-03 17:41:40
prion
prion
Design/Logic Flaw
2008-10-07 21:01:00
Code injection
2008-10-03 17:41:00
nvd
nvd
CVE-2008-4422
2008-10-07 21:01:52
CVE-2008-4409
2008-10-03 17:41:40
cvelist
cvelist
CVE-2008-4409
2008-10-03 17:18:00
ubuntucve
ubuntucve
CVE-2008-4409
2008-10-03 00:00:00
debiancve
debiancve
CVE-2008-4409
2008-10-03 17:41:40
gentoo
gentoo
libxml2: Multiple vulnerabilities
2008-12-02 00:00:00