CVE-2008-3281

CVE Database · CVE-2008-3281

CVE-2008-3281

· MEDIUMModified

CVSS v3.1

6.5

EPSS

2.51%

Published

Aug 27, 2008

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-776

Affected Products (26)

xmlsoft · libxml2vulnerable

apple · safari (up to 4.0)vulnerable

apple · iphone_os (up to 3.0)vulnerable

fedoraproject · fedoravulnerable

canonical · ubuntu_linuxvulnerable

debian · debian_linuxvulnerable

redhat · enterprise_linux_desktop

References (20)

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Mailing List

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Broken LinkMailing List

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

Mailing List

http://lists.vmware.com/pipermail/security-announce/2008/000039.html

Broken Link

http://mail.gnome.org/archives/xml/2008-August/msg00034.html

Mailing ListPatch

http://secunia.com/advisories/31558

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs