CVE-2008-4226

Severity
10.0 CRITICAL
EPSS
2.8%
top 13.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 25
Latest update: May 2

Description

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

Debian: libxml2 < 2.6.32.dfsg-5+3
NVD: xmlsoft/libxml2.7.2

Patches

🔴Vulnerability Details

3
GHSA
GHSA-xc47-x3wf-rv79: Integer overflow in the xmlSAX2Characters function in libxml2 2 (2022-05-02)
CVEList
CVE-2008-4226: Integer overflow in the xmlSAX2Characters function in libxml2 2 (2008-11-25)
OSV
CVE-2008-4226: Integer overflow in the xmlSAX2Characters function in libxml2 2 (2008-11-25)

📋Vendor Advisories

3
Ubuntu
libxml2 vulnerabilities (2008-11-19)
Red Hat
libxml2: integer overflow leading to memory corruption in xmlSAX2Characters (2008-11-17)
Debian
CVE-2008-4226: libxml2 - Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows conte... (2008)

💬Community

1
Bugzilla
CVE-2008-4226 libxml2: integer overflow leading to memory corruption in xmlSAX2Characters (2008-11-07)