CVE-2008-2935
Published 2008-08-01
Priority: P3 · 51 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 12.79% (95.8th percentile)
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxslt | < libxslt 1.1.24-2 (bookworm) | libxslt 1.1.24-2 (bookworm) |
| xmlsoft | libxslt | — | — |
| xmlsoft | libxslt | >= 0 < 1.1.24-2 | 1.1.24-2 |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 HIGH
vendor_debian · 7.5 HIGH
vendor_redhat · 7.5 HIGH
vendor_ubuntu · 7.5 HIGH
GHSA
ghsa_unreviewed·2022-05-01
CVE-2008-2935 [HIGH] CWE-119 GHSA-4597-8mcf-pw36: Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFuncti
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
OSV
osv·2008-08-01·CVSS 7.5
CVE-2008-2935 [HIGH] CVE-2008-2935: Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFuncti
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Ubuntu
libxslt vulnerabilities
vendor_ubuntu·2008-08-01·CVSS 7.5
CVE-2008-1767 [HIGH] libxslt vulnerabilities
It was discovered that long transformation matches in libxslt could overflow. If an attacker were able to make an application linked against libxslt process malicious XSL style sheet input, they could execute arbitrary code with user privileges or cause the application to crash, leading to a denial of service. (CVE-2008-1767)

Chris Evans discovered that the RC4 processing code in libxslt did not correctly handle corrupted key information. If a remote attacker were able to make an application linked against libxslt process malicious XML input, they could crash the application, leading to a denial of service. (CVE-2008-2935)

Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Red Hat
libxslt: buffer overflow in libexslt RC4 encryption/decryption functions
vendor_redhat·2008-07-31·CVSS 7.5
CVE-2008-2935 [HIGH] libxslt: buffer overflow in libexslt RC4 encryption/decryption functions
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Debian
vendor_debian·2008·CVSS 7.5
CVE-2008-2935 [HIGH] CVE-2008-2935: libxslt - Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoR...
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Scope: local
bookworm: resolved (fixed in 1.1.24-2)
bullseye: resolved (fixed in 1.1.24-2)
forky: resolved (fixed in 1.1.24-2)
sid: resolved (fixed in 1.1.24-2)
trixie: resolved (fixed in 1.1.24-2)
No detection rules found.
http://secunia.com/advisories/31230
http://secunia.com/advisories/31310
http://secunia.com/advisories/31331
http://secunia.com/advisories/31363
http://secunia.com/advisories/31395
http://secunia.com/advisories/31399
http://secunia.com/advisories/32453
http://security.gentoo.org/glsa/glsa-200808-06.xml
http://securityreason.com/securityalert/4078
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306
http://www.debian.org/security/2008/dsa-1624
http://www.mandriva.com/security/advisories?name=MDVSA-2008:160
http://www.ocert.org/advisories/ocert-2008-009.html
http://www.ocert.org/patches/exslt_crypt.patch
http://www.redhat.com/support/errata/RHSA-2008-0649.html
http://www.scary.beasts.org/security/CESA-2008-003.html
http://www.securityfocus.com/archive/1/494976/100/0/threaded
http://www.securityfocus.com/archive/1/495018/100/0/threaded
http://www.securityfocus.com/archive/1/497829/100/0/threaded
http://www.securityfocus.com/bid/30467
http://www.securitytracker.com/id?1020596
http://www.ubuntu.com/usn/usn-633-1
http://www.vupen.com/english/advisories/2008/2266/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/44141
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html
https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html
Published: 2008-08-01