Lucene search

[email protected]CVE-2010-4494

HistoryDec 07, 2010 - 9:00 p.m.

CVE-2010-4494

2010-12-0721:00:09

CWE-415

[email protected]

web.nvd.nist.gov

cve-2010-4494

double free

libxml2

denial of service

remote attackers

xpath handling

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Affected configurations

NVD

Node

googlechromeRange<8.0.552.215

Node

xmlsoftlibxml2Range≤2.7.8

Node

appleitunesRange<10.2

applesafariRange<5.0.4

appleiphone_osRange<4.3.0

applemac_os_xRange<10.6.7

Node

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

susesuse_linux_enterprise_serverMatch11sp1

Node

fedoraprojectfedoraMatch14

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.3

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

hpinsight_control_server_deployment

hprapid_deployment_pack

Node

apacheopenofficeRange2.1.0–2.4.3

apacheopenofficeRange3.0.0–3.3.0

CPENameOperatorVersion
google:chromegoogle chromelt8.0.552.215

CPE	Name	Operator	Version
google:chrome	google chrome	lt	8.0.552.215

References

code.google.com/p/chromium/issues/detail?id=63444

googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html

lists.apple.com/archives/security-announce/2011//Mar/msg00003.html

lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/055775.html

lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html

marc.info/?l=bugtraq&m=139447903326211&w=2

rhn.redhat.com/errata/RHSA-2013-0217.html

secunia.com/advisories/40775

secunia.com/advisories/42472

secunia.com/advisories/42721

secunia.com/advisories/42762

support.apple.com/kb/HT4554

support.apple.com/kb/HT4564

support.apple.com/kb/HT4566

support.apple.com/kb/HT4581

www.debian.org/security/2010/dsa-2137

www.mandriva.com/security/advisories?name=MDVSA-2010:260

www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

www.redhat.com/support/errata/RHSA-2011-1749.html

www.vupen.com/english/advisories/2010/3319

www.vupen.com/english/advisories/2010/3336

www.vupen.com/english/advisories/2011/0230

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11916

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2010-4494

nessus27 openvas29 altlinux4 fedora3 cvelist1 prion1 ubuntucve1 debian1 nvd1 veracode1 osv1 securityvulns9 debiancve1 f51 gentoo1 oraclelinux2 redhat2 vmware1 centos1 freebsd1 tenable1