oss-sec mailing list archives

Re: Re: libxml2 "ampproblem" DoS


From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 7 Oct 2008 14:33:24 -0400 (EDT)


On Mon, 6 Oct 2008, Tomas Hoger wrote:

> CVE-2008-4409 is public on NVD site, CVE-2008-4422 in Gentoo BZ and
> here...  CVE-2008-4422 should probably be rejected.

Agreed.

- Steve

======================================================
Name: CVE-2008-4409
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4409
Reference: MLIST:[oss-security] 20081002 libxml2 "ampproblem" DoS
Reference: URL:http://openwall.com/lists/oss-security/2008/10/02/4
Reference: CONFIRM:http://bugzilla.gnome.org/show_bug.cgi?id=554660

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities
definitions" in entities, which allows context-dependent attackers to
cause a denial of service (memory consumption and application crash),
as demonstrated by use of xmllint on a certain XML document, a
different vulnerability than CVE-2003-1564 and CVE-2008-3281.


======================================================
Name: CVE-2008-4422
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4422

** REJECT **

DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2008-4409.  Reason:
This candidate is a duplicate of CVE-2008-4409.  Notes: All CVE users
should reference CVE-2008-4409 instead of this candidate.  All
references and descriptions in this candidate have been removed to
prevent accidental usage.


