CVE-2008-1767

Published May 23, 2008

Last updated 7 years ago

CVSS info 7.5

Overview

Description: Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:desktop:3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C17C5FD0-2D17-4625-85AC-45E926EDD3F7"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "492EA1BE-E678-4300-A690-3BFCD4B233B2"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E3C9031-F69A-4B6A-A8CB-39027174AA01"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6B5646C-FF04-4D3D-B39E-27C1056962EA"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "327FEE54-79EC-4B5E-B838-F3C61FCDF48E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "056C1C15-D110-4309-A9A6-41BD753FE4F2"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08392974-5AC1-4B12-893F-3F733EF05F80"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49EF5B77-9BC9-4AE8-A677-48E5E576BE63"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "36389D32-61C1-4487-8399-FA7D2864FACD"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49B67F74-AF8F-4A27-AA8A-A8479E256A9F"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40D71CBC-D365-4710-BAB5-8A1159F35E41"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D986CAD0-F4E0-4F97-B240-8967CD4466FB"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5:*:client:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF3FB21C-AC0E-4F6C-B68A-9405E57ADCF0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_workstation:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "292F7F41-3545-42B4-8B86-A13D8708E775"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DBD9D3C-40AB-449D-A9A8-A09DF2DEDB96"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References