CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

公開: 2008-01-11 最後更新: 2026-06-16 指派方: [email protected] 來源: [email protected]

結論預警: CVE-2007-6284 綜合評估為中等風險(46.1/100):CVSS 技術影響為中級,利用機率(EPSS 2.57%) 強制指令: 梳理受影響資產並納入修補計畫。

風險隨態勢動態變化;本站持續評估並同步更新本頁展示內容。

CVE-2007-6284 的 EPSS(利用預測評分)

EPSS 日更估計相對被利用可能性;百分位表示該 CVE 在已評分漏洞中的相對排名(越高表示相對更嚴重)。

# 日期 舊 EPSS 分數 新 EPSS 分數 變化(新 − 舊)
1 2026-06-15 5.55% 2.57% -2.98%
2 2026-06-07 5.10% 5.55% +0.45%
3 2026-05-20 5.10%

完整 EPSS 歷史 (共 20 筆)

CVE-2007-6284 的 CVSS 指標

該 CVE 的 CVSS 指標。

底座分 版本 嚴重度 向量 可利用性 影響 分數來源
5.0 2.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P 點擊展開
存取路徑 (AV:N)
只要路由可達,即可從遠端發動利用。
存取複雜度 (AC:L)
步驟短、路徑清楚,重現成本低。
認證 (AU:N)
全程無需有效身分。
機密性影響 (C:N)
對機密性無影響。
完整性影響 (I:N)
對完整性無影響。
可用性影響 (A:P)
可用性受到部分損害。
10.0 2.9 [email protected]

CVE-2007-6284 的弱點列舉

CVE-2007-6284 的 OS 追蹤

vendor priority summary link
debian medium CVE-2007-6284 medium priority: Debian including 1 source packages (libxml2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2007-6284
gentoo normal CVE-2007-6284: 1 GLSA(s) (200801-20), 1 atom(s) (dev-libs/libxml2); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2007-6284
redhat high https://access.redhat.com/security/cve/CVE-2007-6284
suse medium CVE-2007-6284 severity moderate: SUSE including 36 source package names (libxml2, libxml2-2-2.11.6-2.1, …), 39 product×package rows across 13 product lines (SUSE Linux Enterprise Point of Service 11 SP3, SUSE Linux Enterprise Server 11 SP1, … (13 product lines)): Fixed 35, Known Not Affected 4. https://www.suse.com/security/cve/CVE-2007-6284/
ubuntu medium CVE-2007-6284 medium priority: Ubuntu including 1 source packages (libxml2), 5 status rows across 5 suites (dapper, edgy, feisty, gutsy, upstream): released 4, needs-triage 1. https://ubuntu.com/security/CVE-2007-6284

CVE-2007-6284 的影響軟體 / 設定

廠商 產品 版本 原始 CPE
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
debian debian_linux 3.1 cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*
debian debian_linux 4.0 cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
mandrakesoft mandrake_linux 2007 cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 2007 cpe:2.3:o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
mandrakesoft mandrake_linux 2007.1 cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 2007.1 cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*
mandrakesoft mandrake_linux 2008.0 cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 2008.0 cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 3.0 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 3.0 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 4.0 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
mandrakesoft mandrake_linux_corporate_server 4.0 cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
redhat fedora 7 cpe:2.3:o:redhat:fedora:7:*:*:*:*:*:*:*
redhat fedora 8 cpe:2.3:o:redhat:fedora:8:*:*:*:*:*:*:*

CVE-2007-6284 的參考連結

URL 標籤
http://bugs.gentoo.org/show_bug.cgi?id=202628
http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2008/000009.html
http://mail.gnome.org/archives/xml/2008-January/msg00036.html
http://secunia.com/advisories/28439 Vendor Advisory
http://secunia.com/advisories/28444 Vendor Advisory
http://secunia.com/advisories/28450 Vendor Advisory
http://secunia.com/advisories/28452 Vendor Advisory
http://secunia.com/advisories/28458 Vendor Advisory
http://secunia.com/advisories/28466 Vendor Advisory
http://secunia.com/advisories/28470 Vendor Advisory
http://secunia.com/advisories/28475 Vendor Advisory
http://secunia.com/advisories/28636 Vendor Advisory
http://secunia.com/advisories/28716 Vendor Advisory
http://secunia.com/advisories/28740
http://secunia.com/advisories/29591
http://secunia.com/advisories/31074
http://security.gentoo.org/glsa/glsa-200801-20.xml
http://securitytracker.com/id?1019181
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103201-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201514-1
http://support.avaya.com/elmodocs2/security/ASA-2008-047.htm
http://support.avaya.com/elmodocs2/security/ASA-2008-050.htm
http://www.debian.org/security/2008/dsa-1461
http://www.mandriva.com/security/advisories?name=MDVSA-2008:010
http://www.novell.com/linux/security/advisories/suse_security_summary_report.html
http://www.redhat.com/support/errata/RHSA-2008-0032.html Patch
http://www.securityfocus.com/archive/1/486410/100/0/threaded
http://www.securityfocus.com/archive/1/490306/100/0/threaded
http://www.securityfocus.com/bid/27248
http://www.vupen.com/english/advisories/2008/0117
http://www.vupen.com/english/advisories/2008/0144
http://www.vupen.com/english/advisories/2008/1033/references
http://www.vupen.com/english/advisories/2008/2094/references
http://www.xmlsoft.org/news.html
https://bugzilla.redhat.com/show_bug.cgi?id=425927
https://issues.rpath.com/browse/RPL-2121
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11594
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5216
https://usn.ubuntu.com/569-1/
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00379.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00396.html
cvelogic Threat Intelligence