CVE-2008-2935

libxslt 1.1.8-1.1.24 - Heap-Based Buffer Overflow in RC4 Encryption/Decryption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2935. PoCs published by Chris Evans.

AI-analyzed exploit summary The provided text describes a heap-based buffer overflow vulnerability in the 'libxslt' library (versions 1.1.8 to 1.1.24) due to inadequate boundary checks. Exploitation could lead to arbitrary code execution or denial-of-service conditions.

Description

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."

Exploits (1)

exploitdb WRITEUP VERIFIED

by Chris Evans · textremotelinux

https://www.exploit-db.com/exploits/32133

View Code ZIP pw:eip

The provided text describes a heap-based buffer overflow vulnerability in the 'libxslt' library (versions 1.1.8 to 1.1.24) due to inadequate boundary checks. Exploitation could lead to arbitrary code execution or denial-of-service conditions.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: libxslt 1.1.8 to 1.1.24

No auth needed

Prerequisites: User interaction to process malicious XSLT input

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (27)

Core 27

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0649.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10827

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/44141

Third Party Advisory x_refsource_confirm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0306

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32453

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31399

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31363

Various Sources x_refsource_misc

http://www.scary.beasts.org/security/CESA-2008-003.html

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00092.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/494976/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30467

Exploit, Patch x_refsource_misc

http://www.ocert.org/patches/exslt_crypt.patch

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4078

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200808-06.xml

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31310

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:160

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-633-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31331

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/497829/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/495018/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31230

Vendor Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00118.html

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2266/references

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1020596

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1624

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31395

Patch x_refsource_misc

http://www.ocert.org/advisories/ocert-2008-009.html

Scores

EPSS 0.1279

EPSS Percentile 95.8%

Details

CWE

CWE-119

Status published

Products (17)

xmlsoft/libxslt 1.1.8

xmlsoft/libxslt 1.1.9

xmlsoft/libxslt 1.1.10

xmlsoft/libxslt 1.1.11

xmlsoft/libxslt 1.1.12

xmlsoft/libxslt 1.1.13

xmlsoft/libxslt 1.1.14

xmlsoft/libxslt 1.1.15

xmlsoft/libxslt 1.1.16

xmlsoft/libxslt 1.1.17

... and 7 more

Published Aug 01, 2008

Tracked Since Feb 18, 2026