Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4409

CWE-399, CWE-835 | 7 documents | 7 sources
Severity
5.0 MEDIUM
EPSS
11.3%
top 6.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 3
Latest update: May 2

Description

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P | Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: xmlsoft/libxml2 2.7.0, 2.7.1 (+1)

🔴Vulnerability Details

2
GHSA
GHSA-34h5-p5c9-pjw6: libxml2 2 (2022-05-02)
CVEList
CVE-2008-4409: libxml2 2 (2008-10-03)

💥Exploits & PoCs

1
Exploit-DB
libxml2 - Denial of Service (2008-10-02)

📋Vendor Advisories

2
Red Hat
libxml2: infinite loop when entity is used in entity definition (2008-10-02)
Debian
CVE-2008-4409: libxml2 - libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definition... (2008)

💬Community

1
Bugzilla
CVE-2008-4409 libxml2: infinite loop when entity is used in entity definition (2008-10-06)

Source: cvebase.io