CVE-2008-2935
Published Aug 1, 2008
Last updated 6 years ago
Overview
- Description: Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 7.5
- Impact score: 6.4
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-119
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBFCEA36-7573-491B-8438-4E3FDF8E97ED" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF38997D-634C-423C-BD82-44E74A99D8DD" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9B4CF5A-150E-4814-BA15-EF9FB30AD0CC" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D4401FF-84D8-4AD5-BAED-978E31E5DADB" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC004874-3C5D-4932-AD5B-BE7156D7D13E" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "269892E0-1ABA-4D0F-8266-A4DA8A575967" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4597D362-AD62-4D58-BC7F-CCED44488466" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D885D06-D6E5-432C-9923-AE2CE73F7654" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F5003EF-82E2-49F9-9F74-CB92FE98E2E3" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C0D6095-2A7B-4328-ADA0-283E8F79AFDD" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "91C70E5E-A987-4BF3-9300-E4A3F2B0B853" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5EFA6E9-593B-484A-A8FB-A22BAEE208B9" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C55B5B1-76F1-480B-B7F9-EF4AFE79E3F4" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*", 
"vulnerable": true, "matchCriteriaId": "58E904DA-889E-44B9-9AF6-EC753FB316BC" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3BC6F57-1DDD-4EA6-83F9-2672B11DF7B2" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A51C1E-21C9-4FA4-8340-345B5E1F1B70" }, { "criteria": "cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9D7C38F-EF88-4531-803D-BA911978A176" } ], "operator": "OR" } ] } ]