Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1767

CWE-119 — Buffer Overflow9 documents9 sources

Severity

7.5HIGH

EPSS

20.8%

top 4.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Redhat Desktop Redhat Enterprise Linux Redhat Enterprise Linux Desktop +2 more

Timeline

PublishedMay 23

Latest updateMay 1

Description

Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶Debianlibxslt< 1.1.24-1+3

▶NVDredhat/desktop3

▶NVDredhat/enterprise_linux_desktop4, 5+1

▶NVDredhat/linux_advanced_workstation2.1

▶NVDredhat/enterprise_linux_desktop_workstation5

Also affects: Enterprise Linux 2.1, 3.0, 4.0, 5.0

🔴Vulnerability Details

GHSA

GHSA-h927-jfxh-4j78: Buffer overflow in pattern↗2022-05-01

▶

CVEList

CVE-2008-1767: Buffer overflow in pattern↗2008-05-23

▶

OSV

CVE-2008-1767: Buffer overflow in pattern↗2008-05-23

▶

💥Exploits & PoCs

Exploit-DB

libxslt XSL 1.1.23 - File Processing Buffer Overflow↗2008-05-21

▶

📋Vendor Advisories

Ubuntu

libxslt vulnerabilities↗2008-08-01

▶

Red Hat

libxslt: fixed-sized steps array overflow via "template match" condition in XSL file↗2008-04-10

▶

Debian

CVE-2008-1767: libxslt - Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent a...↗2008

▶

💬Community

Bugzilla

CVE-2008-1767 libxslt: fixed-sized steps array overflow via "template match" condition in XSL file↗2008-05-16

▶