10.0
CRITICAL
CVE-2008-3529
Libxml2 Heap Buffer Overflow Vulnerability
Description

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

INFO

Published Date :

Sept. 12, 2008, 4:56 p.m.

Last Modified :

Feb. 13, 2023, 2:19 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

10.0

Exploitability Score :

10.0
Affected Products

The following products are affected by CVE-2008-3529 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Apple mac_os_x
2 Apple iphone_os
3 Apple safari
1 Canonical ubuntu_linux
1 Debian debian_linux
1 Xmlsoft libxml2
: Total Affected Vendor : 4 | Products : 6
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2008-3529.

URL Resource
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html Broken Link Mailing List
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html Mailing List Third Party Advisory
http://secunia.com/advisories/31558 Third Party Advisory
http://secunia.com/advisories/31855 Third Party Advisory
http://secunia.com/advisories/31860 Third Party Advisory
http://secunia.com/advisories/31868 Third Party Advisory
http://secunia.com/advisories/31982 Third Party Advisory
http://secunia.com/advisories/32265 Third Party Advisory
http://secunia.com/advisories/32280 Third Party Advisory
http://secunia.com/advisories/32807 Third Party Advisory
http://secunia.com/advisories/32974 Third Party Advisory
http://secunia.com/advisories/33715 Third Party Advisory
http://secunia.com/advisories/33722 Third Party Advisory
http://secunia.com/advisories/35056 Third Party Advisory
http://secunia.com/advisories/35074 Third Party Advisory
http://secunia.com/advisories/35379 Third Party Advisory
http://secunia.com/advisories/36173 Third Party Advisory
http://secunia.com/advisories/36235 Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-06.xml Third Party Advisory
http://securitytracker.com/id?1020855 Third Party Advisory VDB Entry
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 Broken Link
http://support.apple.com/kb/HT3549 Third Party Advisory
http://support.apple.com/kb/HT3550 Third Party Advisory
http://support.apple.com/kb/HT3613 Third Party Advisory
http://support.apple.com/kb/HT3639 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0325 Broken Link
http://www.debian.org/security/2008/dsa-1654 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 Broken Link
http://www.redhat.com/support/errata/RHSA-2008-0884.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0886.html Third Party Advisory
http://www.securityfocus.com/bid/31126 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-815-1 Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/2822 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1297 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1298 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1522 Third Party Advisory
http://www.vupen.com/english/advisories/2009/1621 Third Party Advisory
http://xmlsoft.org/news.html Release Notes Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=461015 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45085 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103 Third Party Advisory
https://usn.ubuntu.com/644-1/ Third Party Advisory
https://www.exploit-db.com/exploits/8798 Exploit Third Party Advisory VDB Entry

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2008-3529 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2008-3529 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Feb. 13, 2023

    Action Type Old Value New Value
    Changed Description CVE-2008-3529 libxml2: long entity name heap buffer overflow Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
    Removed Reference https://access.redhat.com/errata/RHSA-2008:0884 [No Types Assigned]
    Removed Reference https://access.redhat.com/errata/RHSA-2008:0886 [No Types Assigned]
    Removed Reference https://access.redhat.com/security/cve/CVE-2008-3529 [No Types Assigned]
  • CVE Modified by [email protected]

    Feb. 02, 2023

    Action Type Old Value New Value
    Changed Description Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. CVE-2008-3529 libxml2: long entity name heap buffer overflow
    Added Reference https://access.redhat.com/security/cve/CVE-2008-3529 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2008:0886 [No Types Assigned]
    Added Reference https://access.redhat.com/errata/RHSA-2008:0884 [No Types Assigned]
  • Modified Analysis by [email protected]

    Nov. 08, 2021

    Action Type Old Value New Value
    Changed Reference Type http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html No Types Assigned http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html Broken Link, Mailing List
    Changed Reference Type http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html No Types Assigned http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.apple.com/archives/security-announce/2009/May/msg00000.html No Types Assigned http://lists.apple.com/archives/security-announce/2009/May/msg00000.html Mailing List, Third Party Advisory
    Changed Reference Type http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html No Types Assigned http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html Mailing List, Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/31558 No Types Assigned http://secunia.com/advisories/31558 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/31855 No Types Assigned http://secunia.com/advisories/31855 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/31860 No Types Assigned http://secunia.com/advisories/31860 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/31868 No Types Assigned http://secunia.com/advisories/31868 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/31982 No Types Assigned http://secunia.com/advisories/31982 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/32265 No Types Assigned http://secunia.com/advisories/32265 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/32280 No Types Assigned http://secunia.com/advisories/32280 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/32807 No Types Assigned http://secunia.com/advisories/32807 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/32974 No Types Assigned http://secunia.com/advisories/32974 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/33715 No Types Assigned http://secunia.com/advisories/33715 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/33722 No Types Assigned http://secunia.com/advisories/33722 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/35056 No Types Assigned http://secunia.com/advisories/35056 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/35074 No Types Assigned http://secunia.com/advisories/35074 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/35379 No Types Assigned http://secunia.com/advisories/35379 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/36173 No Types Assigned http://secunia.com/advisories/36173 Third Party Advisory
    Changed Reference Type http://secunia.com/advisories/36235 No Types Assigned http://secunia.com/advisories/36235 Third Party Advisory
    Changed Reference Type http://security.gentoo.org/glsa/glsa-200812-06.xml No Types Assigned http://security.gentoo.org/glsa/glsa-200812-06.xml Third Party Advisory
    Changed Reference Type http://securitytracker.com/id?1020855 No Types Assigned http://securitytracker.com/id?1020855 Third Party Advisory, VDB Entry
    Changed Reference Type http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 No Types Assigned http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 Broken Link
    Changed Reference Type http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 No Types Assigned http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1 Broken Link
    Changed Reference Type http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1 No Types Assigned http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1 Broken Link
    Changed Reference Type http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 No Types Assigned http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1 Broken Link
    Changed Reference Type http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 No Types Assigned http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1 Broken Link
    Changed Reference Type http://support.apple.com/kb/HT3549 No Types Assigned http://support.apple.com/kb/HT3549 Third Party Advisory
    Changed Reference Type http://support.apple.com/kb/HT3550 No Types Assigned http://support.apple.com/kb/HT3550 Third Party Advisory
    Changed Reference Type http://support.apple.com/kb/HT3613 No Types Assigned http://support.apple.com/kb/HT3613 Third Party Advisory
    Changed Reference Type http://support.apple.com/kb/HT3639 No Types Assigned http://support.apple.com/kb/HT3639 Third Party Advisory
    Changed Reference Type http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm No Types Assigned http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm Third Party Advisory
    Changed Reference Type http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm No Types Assigned http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm Third Party Advisory
    Changed Reference Type http://wiki.rpath.com/Advisories:rPSA-2008-0325 No Types Assigned http://wiki.rpath.com/Advisories:rPSA-2008-0325 Broken Link
    Changed Reference Type http://www.debian.org/security/2008/dsa-1654 No Types Assigned http://www.debian.org/security/2008/dsa-1654 Third Party Advisory
    Changed Reference Type http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 No Types Assigned http://www.mandriva.com/security/advisories?name=MDVSA-2008:192 Broken Link
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2008-0884.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2008-0884.html Third Party Advisory
    Changed Reference Type http://www.redhat.com/support/errata/RHSA-2008-0886.html No Types Assigned http://www.redhat.com/support/errata/RHSA-2008-0886.html Third Party Advisory
    Changed Reference Type http://www.securityfocus.com/bid/31126 No Types Assigned http://www.securityfocus.com/bid/31126 Third Party Advisory, VDB Entry
    Changed Reference Type http://www.ubuntu.com/usn/USN-815-1 No Types Assigned http://www.ubuntu.com/usn/USN-815-1 Third Party Advisory
    Changed Reference Type http://www.us-cert.gov/cas/techalerts/TA09-133A.html US Government Resource http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory, US Government Resource
    Changed Reference Type http://www.vupen.com/english/advisories/2008/2822 No Types Assigned http://www.vupen.com/english/advisories/2008/2822 Third Party Advisory
    Changed Reference Type http://www.vupen.com/english/advisories/2009/1297 No Types Assigned http://www.vupen.com/english/advisories/2009/1297 Third Party Advisory
    Changed Reference Type http://www.vupen.com/english/advisories/2009/1298 No Types Assigned http://www.vupen.com/english/advisories/2009/1298 Third Party Advisory
    Changed Reference Type http://www.vupen.com/english/advisories/2009/1522 No Types Assigned http://www.vupen.com/english/advisories/2009/1522 Third Party Advisory
    Changed Reference Type http://www.vupen.com/english/advisories/2009/1621 No Types Assigned http://www.vupen.com/english/advisories/2009/1621 Third Party Advisory
    Changed Reference Type http://xmlsoft.org/news.html No Types Assigned http://xmlsoft.org/news.html Release Notes, Vendor Advisory
    Changed Reference Type https://bugzilla.redhat.com/show_bug.cgi?id=461015 No Types Assigned https://bugzilla.redhat.com/show_bug.cgi?id=461015 Issue Tracking, Third Party Advisory
    Changed Reference Type https://exchange.xforce.ibmcloud.com/vulnerabilities/45085 No Types Assigned https://exchange.xforce.ibmcloud.com/vulnerabilities/45085 Third Party Advisory, VDB Entry
    Changed Reference Type https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760 No Types Assigned https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760 Third Party Advisory
    Changed Reference Type https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103 No Types Assigned https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103 Third Party Advisory
    Changed Reference Type https://usn.ubuntu.com/644-1/ No Types Assigned https://usn.ubuntu.com/644-1/ Third Party Advisory
    Changed Reference Type https://www.exploit-db.com/exploits/8798 No Types Assigned https://www.exploit-db.com/exploits/8798 Exploit, Third Party Advisory, VDB Entry
    Changed CPE Configuration AND OR *cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:* *cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* versions up to (including) 2.6.30 OR *cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* versions up to (excluding) 2.7.0
    Added CPE Configuration OR *cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* *cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* versions from (including) 3.2.0 up to (excluding) 3.2.3 *cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* versions up to (excluding) 4.0 *cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to (excluding) 3.0 *cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to (excluding) 10.5.7 *cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Oct. 03, 2018

    Action Type Old Value New Value
    Removed Reference http://www.ubuntulinux.org/support/documentation/usn/usn-644-1 [No Types Assigned]
    Added Reference https://usn.ubuntu.com/644-1/ [No Types Assigned]
  • CVE Modified by [email protected]

    Sep. 29, 2017

    Action Type Old Value New Value
    Removed Reference http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6103 [No Types Assigned]
    Removed Reference http://www.milw0rm.com/exploits/8798 [No Types Assigned]
    Removed Reference http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11760 [No Types Assigned]
    Added Reference https://www.exploit-db.com/exploits/8798 [No Types Assigned]
    Added Reference https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103 [No Types Assigned]
    Added Reference https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760 [No Types Assigned]
  • CVE Modified by [email protected]

    Aug. 08, 2017

    Action Type Old Value New Value
    Removed Reference http://xforce.iss.net/xforce/xfdb/45085 [No Types Assigned]
    Added Reference https://exchange.xforce.ibmcloud.com/vulnerabilities/45085 [No Types Assigned]
  • Initial Analysis by [email protected]

    Sep. 12, 2008

    Action Type Old Value New Value
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

88.07 }} -3.99%

score

0.98738

percentile

CVSS2 - Vulnerability Scoring System
Access Vector
Access Complexity
Authentication
Confidentiality
Integrity
Availability
: