// For flags

CVE-2008-3529

Apple Safari - RSS 'feed://' Buffer Overflow via libxml2 (PoC)

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su elección al utilizar un nombre largo de entidad XML.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-08-07 CVE Reserved
  • 2008-09-12 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-10-25 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-122: Heap-based Buffer Overflow
CAPEC
References (54)
URL Tag Source
http://secunia.com/advisories/31558 Third Party Advisory
http://secunia.com/advisories/31855 Third Party Advisory
http://secunia.com/advisories/31860 Third Party Advisory
http://secunia.com/advisories/31868 Third Party Advisory
http://secunia.com/advisories/31982 Third Party Advisory
http://secunia.com/advisories/32265 Third Party Advisory
http://secunia.com/advisories/32280 Third Party Advisory
http://secunia.com/advisories/32807 Third Party Advisory
http://secunia.com/advisories/32974 Third Party Advisory
http://secunia.com/advisories/33715 Third Party Advisory
http://secunia.com/advisories/33722 Third Party Advisory
http://secunia.com/advisories/35056 Third Party Advisory
http://secunia.com/advisories/35074 Third Party Advisory
http://secunia.com/advisories/35379 Third Party Advisory
http://secunia.com/advisories/36173 Third Party Advisory
http://secunia.com/advisories/36235 Third Party Advisory
http://securitytracker.com/id?1020855 Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 Broken Link
http://support.apple.com/kb/HT3549 Third Party Advisory
http://support.apple.com/kb/HT3550 Third Party Advisory
http://support.apple.com/kb/HT3613 Third Party Advisory
http://support.apple.com/kb/HT3639 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0325 Broken Link
http://www.securityfocus.com/bid/31126 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory
http://www.vupen.com/english/advisories/2008/2822 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1297 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1298 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1522 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1621 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103 Signature
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xmlsoft
Search vendor "Xmlsoft"
Libxml2
Search vendor "Xmlsoft" for product "Libxml2"
< 2.7.0
Search vendor "Xmlsoft" for product "Libxml2" and version " < 2.7.0"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
8.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"
-
Affected
Canonical
Search vendor "Canonical"
Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
9.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
< 4.0
Search vendor "Apple" for product "Safari" and version " < 4.0"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
>= 3.2.0 < 3.2.3
Search vendor "Apple" for product "Safari" and version " >= 3.2.0 < 3.2.3"
-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
< 3.0
Search vendor "Apple" for product "Iphone Os" and version " < 3.0"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
< 10.5.7
Search vendor "Apple" for product "Mac Os X" and version " < 10.5.7"
-
Affected
Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
10.5.7
Search vendor "Apple" for product "Mac Os X" and version "10.5.7"
-
Affected