CVE-2008-2935

Current Description

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."

Basic Data

PublishedAugust 01, 2008
Last ModifiedOctober 11, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-119
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationXmlsoftLibxslt1.1.8*******
    2.3ApplicationXmlsoftLibxslt1.1.9*******
    2.3ApplicationXmlsoftLibxslt1.1.10*******
    2.3ApplicationXmlsoftLibxslt1.1.11*******
    2.3ApplicationXmlsoftLibxslt1.1.12*******
    2.3ApplicationXmlsoftLibxslt1.1.13*******
    2.3ApplicationXmlsoftLibxslt1.1.14*******
    2.3ApplicationXmlsoftLibxslt1.1.15*******
    2.3ApplicationXmlsoftLibxslt1.1.16*******
    2.3ApplicationXmlsoftLibxslt1.1.17*******
    2.3ApplicationXmlsoftLibxslt1.1.18*******
    2.3ApplicationXmlsoftLibxslt1.1.19*******
    2.3ApplicationXmlsoftLibxslt1.1.20*******
    2.3ApplicationXmlsoftLibxslt1.1.21*******
    2.3ApplicationXmlsoftLibxslt1.1.22*******
    2.3ApplicationXmlsoftLibxslt1.1.23*******
    2.3ApplicationXmlsoftLibxslt1.1.24*******

Vulnerable Software List

VendorProductVersions
Xmlsoft Libxslt 1.1.10, 1.1.11, 1.1.12, 1.1.13, 1.1.14, 1.1.15, 1.1.16, 1.1.17, 1.1.18, 1.1.19, 1.1.20, 1.1.21, 1.1.22, 1.1.23, 1.1.24, 1.1.8, 1.1.9

References

NameSourceURLTags
31230http://secunia.com/advisories/31230SECUNIA
31310http://secunia.com/advisories/31310SECUNIA
31331http://secunia.com/advisories/31331SECUNIA
31363http://secunia.com/advisories/31363SECUNIA
31395http://secunia.com/advisories/31395SECUNIA
31399http://secunia.com/advisories/31399SECUNIA
32453http://secunia.com/advisories/32453SECUNIA
GLSA-200808-06http://security.gentoo.org/glsa/glsa-200808-06.xmlGENTOO
4078http://securityreason.com/securityalert/4078SREASON
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306CONFIRM
DSA-1624http://www.debian.org/security/2008/dsa-1624DEBIAN
MDVSA-2008:160http://www.mandriva.com/security/advisories?name=MDVSA-2008:160MANDRIVA
http://www.ocert.org/advisories/ocert-2008-009.htmlhttp://www.ocert.org/advisories/ocert-2008-009.htmlMISCPATCH
http://www.ocert.org/patches/exslt_crypt.patchhttp://www.ocert.org/patches/exslt_crypt.patchMISCExploit PATCH
RHSA-2008:0649http://www.redhat.com/support/errata/RHSA-2008-0649.htmlREDHAT
http://www.scary.beasts.org/security/CESA-2008-003.htmlhttp://www.scary.beasts.org/security/CESA-2008-003.htmlMISC
20080731 [oCERT-2008-009] libxslt heap overflowhttp://www.securityfocus.com/archive/1/494976/100/0/threadedBUGTRAQ
20080801 libxslt heap overflowhttp://www.securityfocus.com/archive/1/495018/100/0/threadedBUGTRAQ
20081027 rPSA-2008-0306-1 libxslthttp://www.securityfocus.com/archive/1/497829/100/0/threadedBUGTRAQ
30467http://www.securityfocus.com/bid/30467BID
1020596http://www.securitytracker.com/id?1020596SECTRACK
USN-633-1http://www.ubuntu.com/usn/usn-633-1UBUNTU
ADV-2008-2266http://www.vupen.com/english/advisories/2008/2266/referencesVUPEN
libxslt-multiple-crypto-bo(44141)https://exchange.xforce.ibmcloud.com/vulnerabilities/44141XF
oval:org.mitre.oval:def:10827https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827OVAL
FEDORA-2008-7029https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.htmlFEDORA
FEDORA-2008-7062https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.htmlFEDORA