Unrated severity · NVD Advisory · Published Aug 1, 2008 · Updated Jun 16, 2026

CVE-2008-2935

Description

Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt 1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary code via an XML file containing a long string as "an argument in the XSL input."

Affected products

19
  • Xmlsoft/Libxslt: 17 versions
    • cpe:2.3:a:xmlsoft:libxslt:1.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxslt:1.1.9:*:*:*:*:*:*:*
  • Libexslt/libexslt (llm-create)
    Range: 1.1.8 - 1.1.24
  • Libxslt/libxslt (llm-fuzzy)
    Range: 1.1.8 - 1.1.24
