CVE-2008-2935 (retired)

Priority
Description
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka
exsltCryptoRc4EncryptFunction) and (2) decryption (aka
exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt
1.1.8 through 1.1.24 allow context-dependent attackers to execute arbitrary
code via an XML file containing a long string as "an argument in the XSL
input."
Assigned-to
kees
Notes
Package
Upstream:released (1.1.25)
More Information

Updated: 2019-10-09 07:11:17 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)