CVE-2008-3281

MEDIUM

libxml2 <2.6.32 - DoS

Title source: llm

Description

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

References (42)

... and 22 more

Scores

CVSS v3 6.5
EPSS 0.0080
EPSS Percentile 73.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE
CWE-776
Status draft

Affected Products (26)

xmlsoft/libxml2 < 2.6.32
apple/safari < 4.0
apple/iphone_os < 3.0
fedoraproject/fedora
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/debian_linux
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_server
... and 11 more

Timeline

Published Aug 27, 2008
Tracked Since Feb 18, 2026