FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3529

This CVE name corresponds to:

Entered     Topic
2008-10-15  libxml2 -- two vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2008-3529
Phase  Assigned (20080807)

Description

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

References

Source    Reference
MILW0RM   8798
MISC      http://xmlsoft.org/news.html
CONFIRM   https://bugzilla.redhat.com/show_bug.cgi?id=461015
CONFIRM   http://wiki.rpath.com/Advisories:rPSA-2008-0325
CONFIRM   http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
CONFIRM   http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
CONFIRM   http://support.apple.com/kb/HT3549
CONFIRM   http://support.apple.com/kb/HT3550
CONFIRM   http://support.apple.com/kb/HT3613
CONFIRM   http://support.apple.com/kb/HT3639
CONFIRM   http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
CONFIRM   http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
APPLE     APPLE-SA-2009-05-12
APPLE     APPLE-SA-2009-06-08-1
APPLE     APPLE-SA-2009-06-17-1
DEBIAN    DSA-1654
GENTOO    GLSA-200812-06
MANDRIVA  MDVSA-2008:192
REDHAT    RHSA-2008:0884
REDHAT    RHSA-2008:0886
SUNALERT  247346
SUNALERT  261688
SUNALERT  265329
SUSE      SUSE-SR:2008:018
UBUNTU    USN-644-1
UBUNTU    USN-815-1
CERT      TA09-133A
BID       31126
OVAL      oval:org.mitre.oval:def:11760
OVAL      oval:org.mitre.oval:def:6103
SECUNIA   31558
SECUNIA   35056
SECUNIA   35074
SECUNIA   35379
SECUNIA   36173
SECUNIA   36235
VUPEN     ADV-2008-2822
SECTRACK  1020855
SECUNIA   31855
SECUNIA   31860
SECUNIA   31868
SECUNIA   32280
SECUNIA   32807
SECUNIA   32974
SECUNIA   33715
SECUNIA   31982
SECUNIA   33722
SECUNIA   32265
VUPEN     ADV-2009-1297
VUPEN     ADV-2009-1298
VUPEN     ADV-2009-1522
VUPEN     ADV-2009-1621
XF        libxml2-entitynames-bo(45085)