CVE-2008-4409 - libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, whic

CVE-2008-4409

Summary

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281. Patch Information - http://www.securityfocus.com/bid/30783/solution

References

Vulnerable Configurations

cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 08-08-2017 - 01:32)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

apple	APPLE-SA-2009-06-08-1 APPLE-SA-2009-06-17-1
bid	31555
confirm	http://bugzilla.gnome.org/show_bug.cgi?id=554660 http://support.apple.com/kb/HT3613 http://support.apple.com/kb/HT3639
fedora	FEDORA-2008-8575 FEDORA-2008-8582
gentoo	GLSA-200812-06
mandriva	MDVSA-2008:212
mlist	[oss-security] 20081002 libxml2 "ampproblem" DoS
secunia	32130 32175 32974 35379
vupen	ADV-2009-1522 ADV-2009-1621
xf	libxml2-xml-file-dos(45633)

statements via4

contributor	Tomas Hoger
lastmodified	2017-08-07
organization	Red Hat
statement	Not vulnerable. This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

08-08-2017 - 01:32

Published

03-10-2008 - 17:41

Last modified

08-08-2017 - 01:32