CVE-2008-3529 - Vulnerability Details

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Iphone Os Mac Os X Safari
Canonical	Ubuntu Linux
Debian	Debian Linux
Redhat	Enterprise Linux
Xmlsoft	Libxml2

Configuration 1 [-]

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x:10.5.7:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
libxml2-0:2.4.19-11.ent	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:0886	2008-09-11T00:00:00Z
Red Hat Enterprise Linux 3
libxml2-0:2.5.10-13	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:0884	2008-09-11T00:00:00Z
Red Hat Enterprise Linux 4
libxml2-0:2.6.16-12.5	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:0884	2008-09-11T00:00:00Z
Red Hat Enterprise Linux 5
libxml2-0:2.6.26-2.1.2.6	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0884	2008-09-11T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://secunia.com/advisories/31558
http://secunia.com/advisories/31855
http://secunia.com/advisories/31860
http://secunia.com/advisories/31868
http://secunia.com/advisories/31982
http://secunia.com/advisories/32265
http://secunia.com/advisories/32280
http://secunia.com/advisories/32807
http://secunia.com/advisories/32974
http://secunia.com/advisories/33715
http://secunia.com/advisories/33722
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://secunia.com/advisories/35379
http://secunia.com/advisories/36173
http://secunia.com/advisories/36235
http://security.gentoo.org/glsa/glsa-200812-06.xml
http://securitytracker.com/id?1020855
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3550
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm
http://wiki.rpath.com/Advisories:rPSA-2008-0325
http://www.debian.org/security/2008/dsa-1654
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192
http://www.redhat.com/support/errata/RHSA-2008-0884.html
http://www.redhat.com/support/errata/RHSA-2008-0886.html
http://www.securityfocus.com/bid/31126
http://www.ubuntu.com/usn/USN-815-1
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2008/2822
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://xmlsoft.org/news.html
https://bugzilla.redhat.com/show_bug.cgi?id=461015
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085
https://nvd.nist.gov/vuln/detail/CVE-2008-3529
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103
https://usn.ubuntu.com/644-1/
https://www.cve.org/CVERecord?id=CVE-2008-3529
https://www.exploit-db.com/exploits/8798

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-09-12T16:00:00

Updated: 2024-08-07T09:45:18.156Z

Reserved: 2008-08-07T00:00:00

Link: CVE-2008-3529

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-09-12T16:56:20.493

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-3529

Redhat

Severity : Important

Publid Date: 2008-09-11T00:00:00Z

Links: CVE-2008-3529 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-815-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-815-1"}, {"name": "USN-644-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/644-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3639"}, {"name": "31860", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31860"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1"}, {"name": "32280", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32280"}, {"name": "31855", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31855"}, {"name": "ADV-2009-1621", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"name": "libxml2-entitynames-bo(45085)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45085"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3549"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"}, {"name": "32807", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32807"}, {"name": "APPLE-SA-2009-06-08-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "31982", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31982"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461015"}, {"name": "31868", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31868"}, {"name": "DSA-1654", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1654"}, {"tags": ["x_refsource_MISC"], "url": "http://xmlsoft.org/news.html"}, {"name": "oval:org.mitre.oval:def:6103", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103"}, {"name": "ADV-2009-1298", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1298"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35074"}, {"name": "8798", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8798"}, {"name": "36173", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36173"}, {"name": "RHSA-2008:0884", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0884.html"}, {"name": "ADV-2009-1522", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "1020855", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1020855"}, {"name": "32265", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32265"}, {"name": "GLSA-200812-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200812-06.xml"}, {"name": "APPLE-SA-2009-06-17-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"name": "33715", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33715"}, {"name": "SUSE-SR:2008:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"}, {"name": "35056", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35056"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"}, {"name": "247346", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html"}, {"name": "31126", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31126"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm"}, {"name": "35379", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35379"}, {"name": "33722", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33722"}, {"name": "MDVSA-2008:192", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"}, {"name": "32974", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32974"}, {"name": "oval:org.mitre.oval:def:11760", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760"}, {"name": "36235", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36235"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "265329", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3550"}, {"name": "261688", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1"}, {"name": "31558", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31558"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3613"}, {"name": "ADV-2008-2822", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2822"}, {"name": "RHSA-2008:0886", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:45:18.156Z"}, "title": "CVE Program Container", "references": [{"name": "USN-815-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-815-1"}, {"name": "USN-644-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/644-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3639"}, {"name": "31860", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31860"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1"}, {"name": "32280", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32280"}, {"name": "31855", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31855"}, {"name": "ADV-2009-1621", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"name": "libxml2-entitynames-bo(45085)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45085"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3549"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"}, {"name": "32807", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32807"}, {"name": "APPLE-SA-2009-06-08-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "31982", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31982"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461015"}, {"name": "31868", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31868"}, {"name": "DSA-1654", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1654"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://xmlsoft.org/news.html"}, {"name": "oval:org.mitre.oval:def:6103", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103"}, {"name": "ADV-2009-1298", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1298"}, {"name": "35074", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35074"}, {"name": "8798", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8798"}, {"name": "36173", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36173"}, {"name": "RHSA-2008:0884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0884.html"}, {"name": "ADV-2009-1522", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "1020855", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1020855"}, {"name": "32265", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32265"}, {"name": "GLSA-200812-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200812-06.xml"}, {"name": "APPLE-SA-2009-06-17-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"name": "33715", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33715"}, {"name": "SUSE-SR:2008:018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"}, {"name": "35056", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35056"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"}, {"name": "247346", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1"}, {"name": "APPLE-SA-2009-05-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html"}, {"name": "31126", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31126"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm"}, {"name": "35379", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35379"}, {"name": "33722", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33722"}, {"name": "MDVSA-2008:192", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"}, {"name": "32974", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32974"}, {"name": "oval:org.mitre.oval:def:11760", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760"}, {"name": "36235", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36235"}, {"name": "TA09-133A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"name": "265329", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1"}, {"name": "ADV-2009-1297", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3550"}, {"name": "261688", "tags": ["vendor-advisory", "x_refsource_SUNALERT", "x_transferred"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1"}, {"name": "31558", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31558"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3613"}, {"name": "ADV-2008-2822", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2822"}, {"name": "RHSA-2008:0886", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3529", "datePublished": "2008-09-12T16:00:00", "dateReserved": "2008-08-07T00:00:00", "dateUpdated": "2024-08-07T09:45:18.156Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "901D143E-F14B-4944-A2A7-6FF08A21FF29", "versionEndExcluding": "2.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "212BF588-5C81-4801-A76D-73FB1DE211EA", "versionEndExcluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DE12072-799C-4E47-A506-28B80D1CDFE6", "versionEndExcluding": "3.2.3", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "48C7B5CA-82E7-4676-BDBA-76C1098DDEAB", "versionEndExcluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA0E35E1-9181-4A2B-93E5-8833E5AB5FDD", "versionEndExcluding": "10.5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "2398ADC8-A106-462E-B9AE-F8AF800D0A3C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n xmlParseAttValueComplex en el m\u00f3dulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (parada inesperada) o la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n al utilizar un nombre largo de entidad XML."}], "id": "CVE-2008-3529", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-12T16:56:20.493", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31558"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31855"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31860"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31868"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31982"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32265"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32280"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32807"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32974"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/33715"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/33722"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35056"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35074"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35379"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36173"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36235"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200812-06.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1020855"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3550"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3613"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3639"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1654"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0884.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31126"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-815-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2822"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1298"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://xmlsoft.org/news.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461015"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45085"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/644-1/"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/8798"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31558"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31860"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/31982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32280"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/32974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/33715"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/33722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35074"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/35379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/36235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200812-06.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1020855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3613"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3639"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0884.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0886.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/31126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-815-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2008/2822"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1298"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://xmlsoft.org/news.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/644-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/8798"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0886", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "package": "libxml2-0:2.4.19-11.ent", "product_name": "Red Hat Enterprise Linux 2.1", "release_date": "2008-09-11T00:00:00Z"}, {"advisory": "RHSA-2008:0884", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "libxml2-0:2.5.10-13", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2008-09-11T00:00:00Z"}, {"advisory": "RHSA-2008:0884", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "libxml2-0:2.6.16-12.5", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2008-09-11T00:00:00Z"}, {"advisory": "RHSA-2008:0884", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "libxml2-0:2.6.26-2.1.2.6", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2008-09-11T00:00:00Z"}], "bugzilla": {"description": "libxml2: long entity name heap buffer overflow", "id": "461015", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461015"}, "csaw": false, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name."], "name": "CVE-2008-3529", "public_date": "2008-09-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-3529\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-3529"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object