Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2007-6284

Published: 12/01/2008 Updated: 13/02/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Mandrake Linux Corporate Server

Vulnerability Summary

The xmlCurrentChar function in libxml2 prior to 2.6.31 allows context-dependent malicious users to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Vulnerable Product Search on Vulmon Subscribe to Product

mandrakesoft mandrake linux corporate server 4.0

debian debian linux 3.1

debian debian linux 4.0

redhat fedora 7

mandrakesoft mandrake linux 2007

redhat fedora 8

mandrakesoft mandrake linux 2007.1

mandrakesoft mandrake linux corporate server 3.0

mandrakesoft mandrake linux 2008.0

Vendor Advisories

Debian CVElist Bug Report Logs: libxml2: CVE-2007-6284 denial of service via crafted UTF-8 sequence
Debian Bug report logs - #460292 libxml2: CVE-2007-6284 denial of service via crafted UTF-8 sequence Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon) Reported by: Pascal Volk <user@localhostlocaldomain ...
Ubuntu Security Notice: libxml2 vulnerability
Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption ...
Debian Security Advisories: DSA-1461-1 libxml2 -- missing input validation
Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop For the old stable distribution (sarge), this problem has been fixed in version 2616-7sarge1 For the stable distribution (etc ...

References

CWE-399https://bugzilla.redhat.com/show_bug.cgi?id=425927http://www.redhat.com/support/errata/RHSA-2008-0032.htmlhttp://www.securityfocus.com/bid/27248http://secunia.com/advisories/28439http://secunia.com/advisories/28444http://mail.gnome.org/archives/xml/2008-January/msg00036.htmlhttp://www.xmlsoft.org/news.htmlhttps://issues.rpath.com/browse/RPL-2121http://www.debian.org/security/2008/dsa-1461https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:010http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1http://securitytracker.com/id?1019181http://secunia.com/advisories/28452http://secunia.com/advisories/28458http://secunia.com/advisories/28470http://secunia.com/advisories/28466http://secunia.com/advisories/28475http://secunia.com/advisories/28450http://www.novell.com/linux/security/advisories/suse_security_summary_report.htmlhttp://bugs.gentoo.org/show_bug.cgi?id=202628http://security.gentoo.org/glsa/glsa-200801-20.xmlhttp://secunia.com/advisories/28636http://secunia.com/advisories/28716http://support.avaya.com/elmodocs2/security/ASA-2008-047.htmhttp://support.avaya.com/elmodocs2/security/ASA-2008-050.htmhttp://secunia.com/advisories/28740http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1http://lists.vmware.com/pipermail/security-announce/2008/000009.htmlhttp://secunia.com/advisories/29591http://secunia.com/advisories/31074http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.htmlhttp://www.vupen.com/english/advisories/2008/0144http://www.vupen.com/english/advisories/2008/0117http://www.vupen.com/english/advisories/2008/1033/referenceshttp://www.vupen.com/english/advisories/2008/2094/referenceshttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594https://usn.ubuntu.com/569-1/http://www.securityfocus.com/archive/1/490306/100/0/threadedhttp://www.securityfocus.com/archive/1/486410/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460292https://usn.ubuntu.com/569-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook