CVE-2008-2935

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."
Configurations

Configuration 1

cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*

Information

Published : 2008-08-01 02:41

Updated : 2018-10-11 08:45


NVD link : CVE-2008-2935

Mitre link : CVE-2008-2935

Products Affected
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer