CVE-2007-6284

CWE-399 CWE-8358 documents8 sources

Severity

5.0MEDIUM

EPSS

6.7%

top 8.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +1 more

Timeline

PublishedJan 12

Latest updateMay 1

Description

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianlibxml2< 2.6.30.dfsg-3.1+3

▶NVDmandrakesoft/mandrake_linux2007, 2007.1, 2008.0+2

▶NVDmandrakesoft/mandrake_linux_corporate_server3.0, 4.0+1

Also affects: Fedora 7, 8, Debian Linux 3.1, 4.0

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-mq3q-3vmf-c9rw: The xmlCurrentChar function in libxml2 before 2↗2022-05-01

▶

OSV

CVE-2007-6284: The xmlCurrentChar function in libxml2 before 2↗2008-01-12

▶

CVEList

CVE-2007-6284: The xmlCurrentChar function in libxml2 before 2↗2008-01-12

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerability↗2008-01-14

▶

Red Hat

libxml2: infinite loop in UTF-8 decoding↗2008-01-11

▶

Debian

CVE-2007-6284: libxml2 - The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent at...↗2007

▶

💬Community

Bugzilla

CVE-2007-6284 libxml2: infinite loop in UTF-8 decoding↗2007-12-17

▶