CVE-2008-5185

The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".

Published: Nov 21, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5185
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
geshi / geshi	-	1.0.7.22.x
geshi / geshi	1.0.7.2	1.0.7.2.x
geshi / geshi	1.0.7.3	1.0.7.3.x
geshi / geshi	1.0.7.17	1.0.7.17.x
geshi / geshi	1.0.7.20	1.0.7.20.x
geshi / geshi	1.0.7.15	1.0.7.15.x
geshi / geshi	1.0.7.19	1.0.7.19.x
geshi / geshi	1.0.4	1.0.4.x
geshi / geshi	1.0.7.7	1.0.7.7.x
geshi / geshi	1.0.7.5	1.0.7.5.x
geshi / geshi	1.0.7.6	1.0.7.6.x
geshi / geshi	1.0.7.9	1.0.7.9.x
geshi / geshi	1.0.1	1.0.1.x
geshi / geshi	1.0.7.16	1.0.7.16.x
geshi / geshi	1.0.6	1.0.6.x
geshi / geshi	1.0.7.4	1.0.7.4.x
geshi / geshi	1.0.7.10	1.0.7.10.x
geshi / geshi	1.0.7.21	1.0.7.21.x
geshi / geshi	1.0.5	1.0.5.x
geshi / geshi	1.0.7.14	1.0.7.14.x
geshi / geshi	1.0.7.11	1.0.7.11.x
geshi / geshi	1.0.7.12	1.0.7.12.x
geshi / geshi	1.0.2	1.0.2.x
geshi / geshi	1.0.3	1.0.3.x
geshi / geshi	1.0.2_beta_1	1.0.2_beta_1.x
geshi / geshi	1.0.7	1.0.7.x
geshi / geshi	1.0.0	1.0.0.x
geshi / geshi	1.0.7.13	1.0.7.13.x
geshi / geshi	1.0.7.8	1.0.7.8.x
geshi / geshi	1.0.7.18	1.0.7.18.x
geshi / geshi	1.0.7.1	1.0.7.1.x

Vulnerability Database

290,020

CVE-2008-5185