NVD Vulnerability Detail

CVE-2008-3529

Summary	Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Summary	Desbordamiento de búfer basado en pila en la función xmlParseAttValueComplex en el módulo parser.c de libxml2 versiones anteriores a 2.7.0 permite a atacantes dependientes del contexto provocar una denegación de servicio (parada inesperada) o la posibilidad de ejecutar código de su elección al utilizar un nombre largo de entidad XML.
Publication Date	Sept. 13, 2008, 1:56 a.m.
Registration Date	Jan. 29, 2021, 1:40 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:xmlsoft:libxml2::::::::				2.7.0
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
cpe:2.3:a:apple:safari::::::::				4.0
cpe:2.3:a:apple:safari::::::::	3.2.0			3.2.3
cpe:2.3:o:apple:iphone_os::::::::				3.0
cpe:2.3:o:apple:mac_os_x::::::::				10.5.7
cpe:2.3:o:apple:mac_os_x:10.5.7:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	secalert@redhat.com
2	http://lists.apple.com/archives/security-announce/2009/May/msg00000.html	secalert@redhat.com
3	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	secalert@redhat.com
4	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html	secalert@redhat.com
5	http://secunia.com/advisories/31558	secalert@redhat.com
6	http://secunia.com/advisories/31855	secalert@redhat.com
7	http://secunia.com/advisories/31860	secalert@redhat.com
8	http://secunia.com/advisories/31868	secalert@redhat.com
9	http://secunia.com/advisories/31982	secalert@redhat.com
10	http://secunia.com/advisories/32265	secalert@redhat.com
11	http://secunia.com/advisories/32280	secalert@redhat.com
12	http://secunia.com/advisories/32807	secalert@redhat.com
13	http://secunia.com/advisories/32974	secalert@redhat.com
14	http://secunia.com/advisories/33715	secalert@redhat.com
15	http://secunia.com/advisories/33722	secalert@redhat.com
16	http://secunia.com/advisories/35056	secalert@redhat.com
17	http://secunia.com/advisories/35074	secalert@redhat.com
18	http://secunia.com/advisories/35379	secalert@redhat.com
19	http://secunia.com/advisories/36173	secalert@redhat.com
20	http://secunia.com/advisories/36235	secalert@redhat.com
21	http://security.gentoo.org/glsa/glsa-200812-06.xml	secalert@redhat.com
22	http://securitytracker.com/id?1020855	secalert@redhat.com
23	http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1	secalert@redhat.com
24	http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1	secalert@redhat.com
25	http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1	secalert@redhat.com
26	http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1	secalert@redhat.com
27	http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1	secalert@redhat.com
28	http://support.apple.com/kb/HT3549	secalert@redhat.com
29	http://support.apple.com/kb/HT3550	secalert@redhat.com
30	http://support.apple.com/kb/HT3613	secalert@redhat.com
31	http://support.apple.com/kb/HT3639	secalert@redhat.com
32	http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm	secalert@redhat.com
33	http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm	secalert@redhat.com
34	http://wiki.rpath.com/Advisories:rPSA-2008-0325	secalert@redhat.com
35	http://www.debian.org/security/2008/dsa-1654	secalert@redhat.com
36	http://www.mandriva.com/security/advisories?name=MDVSA-2008:192	secalert@redhat.com
37	http://www.redhat.com/support/errata/RHSA-2008-0884.html	secalert@redhat.com
38	http://www.redhat.com/support/errata/RHSA-2008-0886.html	secalert@redhat.com
39	http://www.securityfocus.com/bid/31126	secalert@redhat.com
40	http://www.ubuntu.com/usn/USN-815-1	secalert@redhat.com
41	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	secalert@redhat.com
42	http://www.vupen.com/english/advisories/2008/2822	secalert@redhat.com
43	http://www.vupen.com/english/advisories/2009/1297	secalert@redhat.com
44	http://www.vupen.com/english/advisories/2009/1298	secalert@redhat.com
45	http://www.vupen.com/english/advisories/2009/1522	secalert@redhat.com
46	http://www.vupen.com/english/advisories/2009/1621	secalert@redhat.com
47	http://xmlsoft.org/news.html	secalert@redhat.com
48	https://bugzilla.redhat.com/show_bug.cgi?id=461015	secalert@redhat.com
49	https://exchange.xforce.ibmcloud.com/vulnerabilities/45085	secalert@redhat.com
50	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760	secalert@redhat.com
51	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103	secalert@redhat.com
52	https://usn.ubuntu.com/644-1/	secalert@redhat.com
53	https://www.exploit-db.com/exploits/8798	secalert@redhat.com
54	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	af854a3a-2127-422b-91ae-364da2661108
55	http://lists.apple.com/archives/security-announce/2009/May/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
56	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	af854a3a-2127-422b-91ae-364da2661108
57	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
58	http://secunia.com/advisories/31558	af854a3a-2127-422b-91ae-364da2661108
59	http://secunia.com/advisories/31855	af854a3a-2127-422b-91ae-364da2661108
60	http://secunia.com/advisories/31860	af854a3a-2127-422b-91ae-364da2661108
61	http://secunia.com/advisories/31868	af854a3a-2127-422b-91ae-364da2661108
62	http://secunia.com/advisories/31982	af854a3a-2127-422b-91ae-364da2661108
63	http://secunia.com/advisories/32265	af854a3a-2127-422b-91ae-364da2661108
64	http://secunia.com/advisories/32280	af854a3a-2127-422b-91ae-364da2661108
65	http://secunia.com/advisories/32807	af854a3a-2127-422b-91ae-364da2661108
66	http://secunia.com/advisories/32974	af854a3a-2127-422b-91ae-364da2661108
67	http://secunia.com/advisories/33715	af854a3a-2127-422b-91ae-364da2661108
68	http://secunia.com/advisories/33722	af854a3a-2127-422b-91ae-364da2661108
69	http://secunia.com/advisories/35056	af854a3a-2127-422b-91ae-364da2661108
70	http://secunia.com/advisories/35074	af854a3a-2127-422b-91ae-364da2661108
71	http://secunia.com/advisories/35379	af854a3a-2127-422b-91ae-364da2661108
72	http://secunia.com/advisories/36173	af854a3a-2127-422b-91ae-364da2661108
73	http://secunia.com/advisories/36235	af854a3a-2127-422b-91ae-364da2661108
74	http://security.gentoo.org/glsa/glsa-200812-06.xml	af854a3a-2127-422b-91ae-364da2661108
75	http://securitytracker.com/id?1020855	af854a3a-2127-422b-91ae-364da2661108
76	http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1	af854a3a-2127-422b-91ae-364da2661108
77	http://sunsolve.sun.com/search/document.do?assetkey=1-21-141243-01-1	af854a3a-2127-422b-91ae-364da2661108
78	http://sunsolve.sun.com/search/document.do?assetkey=1-26-247346-1	af854a3a-2127-422b-91ae-364da2661108
79	http://sunsolve.sun.com/search/document.do?assetkey=1-66-261688-1	af854a3a-2127-422b-91ae-364da2661108
80	http://sunsolve.sun.com/search/document.do?assetkey=1-66-265329-1	af854a3a-2127-422b-91ae-364da2661108
81	http://support.apple.com/kb/HT3549	af854a3a-2127-422b-91ae-364da2661108
82	http://support.apple.com/kb/HT3550	af854a3a-2127-422b-91ae-364da2661108
83	http://support.apple.com/kb/HT3613	af854a3a-2127-422b-91ae-364da2661108
84	http://support.apple.com/kb/HT3639	af854a3a-2127-422b-91ae-364da2661108
85	http://support.avaya.com/elmodocs2/security/ASA-2008-400.htm	af854a3a-2127-422b-91ae-364da2661108
86	http://support.avaya.com/elmodocs2/security/ASA-2009-025.htm	af854a3a-2127-422b-91ae-364da2661108
87	http://wiki.rpath.com/Advisories:rPSA-2008-0325	af854a3a-2127-422b-91ae-364da2661108
88	http://www.debian.org/security/2008/dsa-1654	af854a3a-2127-422b-91ae-364da2661108
89	http://www.mandriva.com/security/advisories?name=MDVSA-2008:192	af854a3a-2127-422b-91ae-364da2661108
90	http://www.redhat.com/support/errata/RHSA-2008-0884.html	af854a3a-2127-422b-91ae-364da2661108
91	http://www.redhat.com/support/errata/RHSA-2008-0886.html	af854a3a-2127-422b-91ae-364da2661108
92	http://www.securityfocus.com/bid/31126	af854a3a-2127-422b-91ae-364da2661108
93	http://www.ubuntu.com/usn/USN-815-1	af854a3a-2127-422b-91ae-364da2661108
94	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	af854a3a-2127-422b-91ae-364da2661108
95	http://www.vupen.com/english/advisories/2008/2822	af854a3a-2127-422b-91ae-364da2661108
96	http://www.vupen.com/english/advisories/2009/1297	af854a3a-2127-422b-91ae-364da2661108
97	http://www.vupen.com/english/advisories/2009/1298	af854a3a-2127-422b-91ae-364da2661108
98	http://www.vupen.com/english/advisories/2009/1522	af854a3a-2127-422b-91ae-364da2661108
99	http://www.vupen.com/english/advisories/2009/1621	af854a3a-2127-422b-91ae-364da2661108
100	http://xmlsoft.org/news.html	af854a3a-2127-422b-91ae-364da2661108
101	https://bugzilla.redhat.com/show_bug.cgi?id=461015	af854a3a-2127-422b-91ae-364da2661108
102	https://exchange.xforce.ibmcloud.com/vulnerabilities/45085	af854a3a-2127-422b-91ae-364da2661108
103	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11760	af854a3a-2127-422b-91ae-364da2661108
104	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6103	af854a3a-2127-422b-91ae-364da2661108
105	https://usn.ubuntu.com/644-1/	af854a3a-2127-422b-91ae-364da2661108
106	https://www.exploit-db.com/exploits/8798	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

libxml2 の xmlParseAttValueComplex 関数におけるヒープベースのバッファオーバーフローの脆弱性

Title	libxml2 の xmlParseAttValueComplex 関数におけるヒープベースのバッファオーバーフローの脆弱性
Summary	libxml2 の xmlParseAttValueComplex 関数には、XML エンティティ名の処理に不備があるため、ヒープベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	長い XML エンティティ名を処理することにより、サービス運用妨害状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 1, 2008, midnight
Registration Date	Oct. 3, 2008, 2:25 p.m.
Last Update	June 26, 2012, 11:05 a.m.

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 2.1 (as)

Red Hat Enterprise Linux 2.1 (es)

Red Hat Enterprise Linux 2.1 (ws)

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Linux Advanced Workstation 2.1

RHEL Desktop Workstation 5 (client)

オラクル

Oracle Solaris 10

Oracle Solaris 9

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5 から v10.5.6

Apple Mac OS X v10.5.7

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5 から v10.5.6

Apple Mac OS X Server v10.5.7

iOS 1.0 から 2.2.1

iOS for iPod touch 1.1 から 2.2.1

Safari 4.0 未満

xmlsoft.org

libxml2 2.7.0 以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-3529	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
National Vulnerability Database (NVD)
2	CVE-2008-3529	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3529
SECURITY BLOG
3	CVE-2008-3529 Buffer overflow vulnerability in libxml2	https://blogs.oracle.com/sunsecurity/entry/cve_2008_3529_buffer_overflow

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3549	http://support.apple.com/kb/HT3549
2	HT3613	http://support.apple.com/kb/HT3613
3	HT3639	http://support.apple.com/kb/HT3639
Apple セキュリティアップデート
4	HT3549	http://support.apple.com/kb/HT3549?viewlocale=ja_JP
5	HT3613	http://support.apple.com/kb/HT3613?viewlocale=ja_JP
6	HT3639	http://support.apple.com/kb/HT3639?viewlocale=ja_JP
Asianux Technical Support Network
7	libxml2-2.6.26-2.1.2.6.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=348
MIRACLE LINUX アップデート情報
8	1315	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1315
9	1344	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1344
Red Hat Security Advisory
10	RHSA-2008:0884	https://rhn.redhat.com/errata/RHSA-2008-0884.html
11	RHSA-2008:0886	https://rhn.redhat.com/errata/RHSA-2008-0886.html
Sun Alert Notification
12	247346	http://sunsolve.sun.com/search/document.do?assetkey=1-66-247346-1
xmlsoft.org news
13	2.7.1: Sep 1 2008	http://xmlsoft.org/news.html
レッドハットセキュリティーアップデート
14	RHSA-2008:0884	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0884J.html
15	RHSA-2008:0886	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2008-0886J.html

その他

No	Name	URL
ISS X-Force Database
1	45085	http://xforce.iss.net/xforce/xfdb/45085
Secunia Advisory
2	SA31860	http://secunia.com/advisories/31860
3	SA31868	http://secunia.com/advisories/31868
SecurityFocus
4	31126	http://www.securityfocus.com/bid/31126
SecurityTracker
5	1020855	http://securitytracker.com/id?1020855
VUPEN Security
6	VUPEN/ADV-2008-2419	http://www.vupen.com/english/advisories/2008/2419

Change Log

No	Changed Details	Date of change
0	[2008年10月03日] 掲載 [2008年11月14日] 影響を受けるシステム：ミラクル・リナックス (1344) の情報を追加ベンダ情報: ミラクル・リナックス (1344) 追加 [2008年11月26日] 影響を受けるシステム：ミラクル・リナックス (libxml2-2.6.26-2.1.2.6.1AXS3) の情報を追加ベンダ情報：ミラクル・リナックス (libxml2-2.6.26-2.1.2.6.1AXS3) を追加 [2009年02月20日] 影響を受けるシステム：サン・マイクロシステムズ (247346) の情報を追加ベンダ情報：サン・マイクロシステムズ (247346) を追加 [2009年06月26日] 影響を受けるシステム：アップル (HT3549) の情報を追加影響を受けるシステム：アップル (HT3639) の情報を追加影響を受けるシステム：アップル (HT3613) の情報を追加ベンダ情報：アップル (HT3549) を追加ベンダ情報：アップル (HT3639) を追加ベンダ情報：アップル (HT3613) を追加 [2012年06月26日] 影響を受けるシステム：オラクル (CVE-2008-3529 Buffer overflow vulnerability in libxml2) の情報を追加ベンダ情報：オラクル (CVE-2008-3529 Buffer overflow vulnerability in libxml2) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:xmlsoft:libxml2::::::::				2.7.0
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
cpe:2.3:a:apple:safari::::::::				4.0
cpe:2.3:a:apple:safari::::::::	3.2.0			3.2.3
cpe:2.3:o:apple:iphone_os::::::::				3.0
cpe:2.3:o:apple:mac_os_x::::::::				10.5.7
cpe:2.3:o:apple:mac_os_x:10.5.7:::::::*