Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: libxml2 "ampproblem" DoS
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 7 Oct 2008 14:33:24 -0400 (EDT)

On Mon, 6 Oct 2008, Tomas Hoger wrote:

CVE-2008-4409 is public on NVD site, CVE-2008-4422 in Gentoo BZ and
here...  CVE-2008-4422 should probably be rejected.


- Steve

Name: CVE-2008-4409
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409
Reference: MLIST:[oss-security] 20081002 libxml2 "ampproblem" DoS
Reference: URL:http://openwall.com/lists/oss-security/2008/10/02/4
Reference: CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=554660

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities
definitions" in entities, which allows context-dependent attackers to
cause a denial of service (memory consumption and application crash),
as demonstrated by use of xmllint on a certain XML document, a
different vulnerability than CVE-2003-1564 and CVE-2008-3281.

Name: CVE-2008-4422
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4422

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2008-4409.  Reason:
This candidate is a duplicate of CVE-2008-4409.  Notes: All CVE users
should reference CVE-2008-4409 instead of this candidate.  All
references and descriptions in this candidate have been removed to
prevent accidental usage.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]