CVE-2008-4225

CWE-189 CWE-190 — Integer Overflow8 documents8 sources

Severity

7.8HIGH

EPSS

1.4%

top 19.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml

Timeline

PublishedNov 25

Latest updateMay 2

Description

Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianlibxml2< 2.6.32.dfsg-5+3

▶NVDxmlsoft/libxml2.7.2

Patches

Patch: secunia.com ↗Patch: www.debian.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-crw4-5c7w-w3j2: Integer overflow in the xmlBufferResize function in libxml2 2↗2022-05-02

▶

OSV

CVE-2008-4225: Integer overflow in the xmlBufferResize function in libxml2 2↗2008-11-25

▶

CVEList

CVE-2008-4225: Integer overflow in the xmlBufferResize function in libxml2 2↗2008-11-25

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2008-11-19

▶

Red Hat

libxml2: integer overflow leading to infinite loop in xmlBufferResize↗2008-11-17

▶

Debian

CVE-2008-4225: libxml2 - Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context...↗2008

▶

💬Community

Bugzilla

CVE-2008-4225 libxml2: integer overflow leading to infinite loop in xmlBufferResize↗2008-11-07

▶