CVE-2008-2935 – libxslt 1.1.x - RC4 Encryption and Decryption functions Buffer Overflow

https://notcve.org/view.php?id=CVE-2008-2935

01 Aug 2008 — Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input." Múltiples desbordamientos de búfer basados en montículo en las funciones rc4 de (1) cifrado (aka exsltCryptoRc4EncryptFunction) y (2) descifrado (aka exsltC... • https://www.exploit-db.com/exploits/32133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •