CVE-2008-1767
published 2008-05-23
CVE-2008-1767: Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary…
Priority P344 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 12.79% (95.8th percentile)
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxslt | < libxslt 1.1.24-1 (bookworm) | libxslt 1.1.24-1 (bookworm) |
| redhat | desktop | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop_workstation | — | — |
| redhat | linux_advanced_workstation | — | — |
| xmlsoft | libxslt | >= 0 < 1.1.24-1 | 1.1.24-1 |
| xmlsoft | libxslt | >= 0 < 1.1.24-1 | 1.1.24-1 |
| xmlsoft | libxslt | >= 0 < 1.1.24-1 | 1.1.24-1 |
| xmlsoft | libxslt | >= 0 < 1.1.24-1 | 1.1.24-1 |
CVSS provenance
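| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |
| vendor_ubuntu | | 7.5 | HIGH | |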
Ubuntu
libxslt vulnerabilities
vendor_ubuntu·2008-08-01·CVSS 7.5
CVE-2008-1767 [HIGH] libxslt vulnerabilities
It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of service. (CVE-2008-1767)
Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service. (CVE-2008-2935)
Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Red Hat
libxslt: fixed-sized steps array overflow via "template match" condition in XSL file
vendor_redhat·2008-04-10·CVSS 7.5
CVE-2008-1767 [HIGH] libxslt: fixed-sized steps array overflow via "template match" condition in XSL file
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
Debian
CVE-2008-1767: libxslt - Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent a...
vendor_debian·2008·CVSS 7.5
CVE-2008-1767 [HIGH] CVE-2008-1767: libxslt - Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent a...
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
Scope: local
bookworm: resolved (fixed in 1.1.24-1)
bullseye: resolved (fixed in 1.1.24-1)
forky: resolved (fixed in 1.1.24-1)
sid: resolved (fixed in 1.1.24-1)
trixie: resolved (fixed in 1.1.24-1)
GHSA
GHSA-h927-jfxh-4j78: Buffer overflow in pattern
ghsa_unreviewed·2022-05-01
CVE-2008-1767 [HIGH] CWE-119 GHSA-h927-jfxh-4j78: Buffer overflow in pattern
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
OSV
CVE-2008-1767: Buffer overflow in pattern
osv·2008-05-23·CVSS 7.5
CVE-2008-1767 [HIGH] CVE-2008-1767: Buffer overflow in pattern
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.
No detection rules found.
References
http://bugzilla.gnome.org/show_bug.cgi?id=527297
http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
http://secunia.com/advisories/30315
http://secunia.com/advisories/30323
http://secunia.com/advisories/30393
http://secunia.com/advisories/30521
http://secunia.com/advisories/30717
http://secunia.com/advisories/31074
http://secunia.com/advisories/31363
http://secunia.com/advisories/32222
http://secunia.com/advisories/32706
http://security.gentoo.org/glsa/glsa-200806-02.xml
http://support.apple.com/kb/HT3216
http://support.apple.com/kb/HT3298
http://www.debian.org/security/2008/dsa-1589
http://www.mandriva.com/security/advisories?name=MDVSA-2008:151
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0287.html
http://www.securityfocus.com/bid/29312
http://www.securityfocus.com/bid/31681
http://www.securitytracker.com/id?1020071
http://www.ubuntu.com/usn/usn-633-1
http://www.vupen.com/english/advisories/2008/1580/references
http://www.vupen.com/english/advisories/2008/2094/references
http://www.vupen.com/english/advisories/2008/2780
https://exchange.xforce.ibmcloud.com/vulnerabilities/42560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9785
Published: 2008-05-23