mirror of
https://git.freebsd.org/ports.git
synced 2025-07-18 17:59:20 -04:00
- Document libxml2 -- multiple vulnerabilities
This commit is contained in:
parent
1badbdfada
commit
592e12bfdd
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=223060
1 changed files with 40 additions and 0 deletions
|
@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file.
|
|||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="f1e0164e-b67b-11dd-a55e-00163e000016">
|
||||
<topic>libxml2 -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>libxml2</name>
|
||||
<range><lt>2.6.32_2</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Secunia reports:</p>
|
||||
<blockquote cite="http://secunia.com/Advisories/32773/">
|
||||
<p>Two vulnerabilities have been reported in Libxml2, which can be
|
||||
exploited by malicious people to cause a DoS (Denial of Service) or
|
||||
to potentially compromise an application using the library.</p>
|
||||
<p>1) An integer overflow error in the "xmlSAX2Characters()" function
|
||||
can be exploited to trigger a memory corruption via a specially</p>
|
||||
<p>Successful exploitation may allow execution of arbitrary code, but
|
||||
requires e.g. that the user is tricked into processing an overly
|
||||
large XML file (2GB or more).</p>
|
||||
<p>2) An integer overflow error in the "xmlBufferResize()" function
|
||||
can be exploited to trigger the execution of an infinite loop.
|
||||
The vulnerabilities are reported in version 2.7.2.</p>
|
||||
<p>Other versions may also be affected.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<cvename>CVE-2008-4225</cvename>
|
||||
<cvename>CVE-2008-4226</cvename>
|
||||
<url>https://bugzilla.redhat.com/show_bug.cgi?id=470466</url>
|
||||
<url>https://bugzilla.redhat.com/show_bug.cgi?id=470480</url>
|
||||
<url>http://secunia.com/Advisories/32773/</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2008-11-18</discovery>
|
||||
<entry>2008-11-19</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="937adf01-b64a-11dd-a55e-00163e000016">
|
||||
<topic>openfire -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
|
Loading…
Add table
Reference in a new issue