CVE-2008-3281 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3281
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3281

Description: libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-640-1 http://www.ubuntulinux.org/support/documentation/usn/usn-644-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html ST 1020728 SAID Secunia Advisory: SA31982 Secunia Advisory: SA32974 Secunia Advisory: SA32807 Secunia Advisory: SA31566 Secunia Advisory: SA32488 Secunia Advisory: SA35379 Secunia Advisory: SA31728 Secunia Advisory: SA31558 Secunia Advisory: SA31748 Secunia Advisory: SA31590 Secunia Advisory: SA31855 REDHAT MLIST http://lists.vmware.com/pipermail/security-announce/2008/000039.html http://mail.gnome.org/archives/xml/2008-August/msg00034.html MISC http://www.vmware.com/security/advisories/VMSA-2008-0017.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:180 http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 GENTOO http://security.gentoo.org/glsa/glsa-200812-06.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1631 CONFIRM http://support.apple.com/kb/HT3613 http://xmlsoft.org/news.html http://wiki.rpath.com/Advisories:rPSA-2008-0325 http://support.apple.com/kb/HT3639 http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/497962/100/0/threaded BID 30783 APPLE http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Return to the previous page.