CVE-2008-4409

Impact:
Moderate
Public Date:
2008-10-02
CWE:
CWE-835
Bugzilla:
465756: CVE-2008-4409 libxml2: infinite loop when entity is used in entity definition

The MITRE CVE dictionary describes this issue as:

libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a certain XML document, a different vulnerability than CVE-2003-1564 and CVE-2008-3281.

Find out more about CVE-2008-4409 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Not vulnerable. This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.