FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318877
Date:      2013-05-23
Time:      15:30:07Z
Committer: flo

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

I found 2 entries for ce4b3af8-0b7c-11e1-846b-00235409fd3e. There should be only one.

VuXML ID	Description
d71da236-9a94-11dd-8f42-001c2514716c	libxml2 -- two vulnerabilities Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A recursion error exists when processing certain XML content. This can be exploited to e.g. exhaust all available memory and CPU resources by tricking an application using Libxml2 into processing specially crafted XML documents. 2) A boundary error in the processing of long XML entity names in parser.c can be exploited to cause a heap-based buffer overflow when specially crafted XML content is parsed. Successful exploitation may allow execution of arbitrary code. Discovery 2008-08-22 Entry 2008-10-15 Modified 2008-10-20 libxml2 lt 2.6.32_1 CVE-2008-3281 CVE-2008-3529
847ade05-6717-11d8-b321-000a95bc6fae	libxml2 stack buffer overflow in URI parsing Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxml2 to parse documents. Discovery 2004-02-08 Entry 2004-02-25 libxml2 lt 2.6.6 CVE-2004-0110 http://www.xmlsoft.org/news.html http://mail.gnome.org/archives/xml/2004-February/msg00070.html

VuXML ID

Description

d71da236-9a94-11dd-8f42-001c2514716c

libxml2 -- two vulnerabilities

Secunia reports:

Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

1) A recursion error exists when processing certain XML content. This can be exploited to e.g. exhaust all available memory and CPU resources by tricking an application using Libxml2 into processing specially crafted XML documents.

2) A boundary error in the processing of long XML entity names in parser.c can be exploited to cause a heap-based buffer overflow when specially crafted XML content is parsed.

Successful exploitation may allow execution of arbitrary code.

Discovery 2008-08-22
Entry 2008-10-15
Modified 2008-10-20
libxml2

lt 2.6.32_1

CVE-2008-3281
CVE-2008-3529

847ade05-6717-11d8-b321-000a95bc6fae

libxml2 stack buffer overflow in URI parsing

Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxml2 to parse documents.

Discovery 2004-02-08
Entry 2004-02-25
libxml2

lt 2.6.6

CVE-2004-0110
http://www.xmlsoft.org/news.html
http://mail.gnome.org/archives/xml/2004-February/msg00070.html