CVE-2008-4226

libxml2: integer overflow leading to memory corruption in xmlSAX2Characters

Severity Score: 9.8 (CVSS v3)

Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2008-09-24 CVE Reserved
  • 2008-11-25 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-399: Resource Management Errors
CAPEC
References (55)
URL Tag Source
http://secunia.com/advisories/32872 Third Party Advisory
http://secunia.com/advisories/32974 Third Party Advisory
http://secunia.com/advisories/33417 Third Party Advisory
http://secunia.com/advisories/33746 Third Party Advisory
http://secunia.com/advisories/33792 Third Party Advisory
http://secunia.com/advisories/34247 Third Party Advisory
http://secunia.com/advisories/35379 Third Party Advisory
http://secunia.com/advisories/36173 Third Party Advisory
http://secunia.com/advisories/36235 Third Party Advisory
http://securitytracker.com/id?1021238 Vdb Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 X_refsource_confirm
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 X_refsource_confirm
http://support.apple.com/kb/HT3613 X_refsource_confirm
http://support.apple.com/kb/HT3639 X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2009-002.htm X_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2009-067.htm X_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2008-0325 X_refsource_confirm
http://www.osvdb.org/49993 Vdb Entry
http://www.securityfocus.com/bid/32326 Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2009-0001.html X_refsource_confirm
http://www.vupen.com/english/advisories/2008/3176 Vdb Entry
http://www.vupen.com/english/advisories/2009/0034 Vdb Entry
http://www.vupen.com/english/advisories/2009/0301 Vdb Entry
http://www.vupen.com/english/advisories/2009/0323 Vdb Entry
http://www.vupen.com/english/advisories/2009/1522 Vdb Entry
http://www.vupen.com/english/advisories/2009/1621 Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6219 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6360 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9888 Signature
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 2017-09-29
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html 2017-09-29
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html 2017-09-29
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html 2017-09-29
http://secunia.com/advisories/32762 2017-09-29
http://secunia.com/advisories/32764 2017-09-29
http://secunia.com/advisories/32766 2017-09-29
http://secunia.com/advisories/32773 2017-09-29
http://secunia.com/advisories/32802 2017-09-29
http://secunia.com/advisories/32807 2017-09-29
http://secunia.com/advisories/32811 2017-09-29
http://security.gentoo.org/glsa/glsa-200812-06.xml 2017-09-29
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473974 2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-26-251406-1 2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 2017-09-29
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 2017-09-29
http://www.mandriva.com/security/advisories?name=MDVSA-2008:231 2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0988.html 2017-09-29
http://www.ubuntu.com/usn/usn-673-1 2017-09-29
https://bugzilla.redhat.com/show_bug.cgi?id=470466 2008-11-17
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00472.html 2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00513.html 2017-09-29
https://access.redhat.com/security/cve/CVE-2008-4226 2008-11-17
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Xmlsoft Libxml 2.7.2 - Affected