Lucene search
ChromeCVE-2012-5134HistoryNov 28, 2012 - 1:55 a.m.
CVE-2012-5134
2012-11-2801:55:01
CWE-119
Chrome
web.nvd.nist.gov
58
cve-2012-5134
nvd
information security
buffer underflow
xmlparseattvaluecomplex
libxml2
denial of service
remote attackers
arbitrary code
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
9.7
Confidence
High
EPSS
0.044
Percentile
92.4%
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Affected configurations
Node
googlechromeRange≤23.0.1271.89
ORgooglechromeMatch23.0.1271.0
ORgooglechromeMatch23.0.1271.1
ORgooglechromeMatch23.0.1271.2
ORgooglechromeMatch23.0.1271.3
ORgooglechromeMatch23.0.1271.4
ORgooglechromeMatch23.0.1271.5
ORgooglechromeMatch23.0.1271.6
ORgooglechromeMatch23.0.1271.7
ORgooglechromeMatch23.0.1271.8
ORgooglechromeMatch23.0.1271.10
ORgooglechromeMatch23.0.1271.11
ORgooglechromeMatch23.0.1271.12
ORgooglechromeMatch23.0.1271.13
ORgooglechromeMatch23.0.1271.14
ORgooglechromeMatch23.0.1271.15
ORgooglechromeMatch23.0.1271.16
ORgooglechromeMatch23.0.1271.17
ORgooglechromeMatch23.0.1271.18
ORgooglechromeMatch23.0.1271.19
ORgooglechromeMatch23.0.1271.20
ORgooglechromeMatch23.0.1271.21
ORgooglechromeMatch23.0.1271.22
ORgooglechromeMatch23.0.1271.23
ORgooglechromeMatch23.0.1271.24
ORgooglechromeMatch23.0.1271.26
ORgooglechromeMatch23.0.1271.30
ORgooglechromeMatch23.0.1271.31
ORgooglechromeMatch23.0.1271.32
ORgooglechromeMatch23.0.1271.33
ORgooglechromeMatch23.0.1271.35
ORgooglechromeMatch23.0.1271.36
ORgooglechromeMatch23.0.1271.37
ORgooglechromeMatch23.0.1271.38
ORgooglechromeMatch23.0.1271.39
ORgooglechromeMatch23.0.1271.40
ORgooglechromeMatch23.0.1271.41
ORgooglechromeMatch23.0.1271.44
ORgooglechromeMatch23.0.1271.45
ORgooglechromeMatch23.0.1271.46
ORgooglechromeMatch23.0.1271.49
ORgooglechromeMatch23.0.1271.50
ORgooglechromeMatch23.0.1271.51
ORgooglechromeMatch23.0.1271.52
ORgooglechromeMatch23.0.1271.53
ORgooglechromeMatch23.0.1271.54
ORgooglechromeMatch23.0.1271.55
ORgooglechromeMatch23.0.1271.56
ORgooglechromeMatch23.0.1271.57
ORgooglechromeMatch23.0.1271.58
ORgooglechromeMatch23.0.1271.60
ORgooglechromeMatch23.0.1271.61
ORgooglechromeMatch23.0.1271.62
ORgooglechromeMatch23.0.1271.64
ORgooglechromeMatch23.0.1271.83
ORgooglechromeMatch23.0.1271.84
ORgooglechromeMatch23.0.1271.85
ORgooglechromeMatch23.0.1271.86
ORgooglechromeMatch23.0.1271.87
ORgooglechromeMatch23.0.1271.88
ORxmlsoftlibxml2Range≤2.9.0
ORxmlsoftlibxml2Match1.7.0
ORxmlsoftlibxml2Match1.7.1
ORxmlsoftlibxml2Match1.7.2
ORxmlsoftlibxml2Match1.7.3
ORxmlsoftlibxml2Match1.7.4
ORxmlsoftlibxml2Match1.8.0
ORxmlsoftlibxml2Match1.8.1
ORxmlsoftlibxml2Match1.8.2
ORxmlsoftlibxml2Match1.8.3
ORxmlsoftlibxml2Match1.8.4
ORxmlsoftlibxml2Match1.8.5
ORxmlsoftlibxml2Match1.8.6
ORxmlsoftlibxml2Match1.8.7
ORxmlsoftlibxml2Match1.8.9
ORxmlsoftlibxml2Match1.8.10
ORxmlsoftlibxml2Match1.8.13
ORxmlsoftlibxml2Match1.8.14
ORxmlsoftlibxml2Match1.8.16
ORxmlsoftlibxml2Match2.0.0
ORxmlsoftlibxml2Match2.1.0
ORxmlsoftlibxml2Match2.1.1
ORxmlsoftlibxml2Match2.2.0
ORxmlsoftlibxml2Match2.2.0beta
ORxmlsoftlibxml2Match2.2.1
ORxmlsoftlibxml2Match2.2.2
ORxmlsoftlibxml2Match2.2.3
ORxmlsoftlibxml2Match2.2.4
ORxmlsoftlibxml2Match2.2.5
ORxmlsoftlibxml2Match2.2.6
ORxmlsoftlibxml2Match2.2.7
ORxmlsoftlibxml2Match2.2.8
ORxmlsoftlibxml2Match2.2.9
ORxmlsoftlibxml2Match2.2.10
ORxmlsoftlibxml2Match2.2.11
ORxmlsoftlibxml2Match2.3.0
ORxmlsoftlibxml2Match2.3.1
ORxmlsoftlibxml2Match2.3.2
ORxmlsoftlibxml2Match2.3.3
ORxmlsoftlibxml2Match2.3.4
ORxmlsoftlibxml2Match2.3.5
ORxmlsoftlibxml2Match2.3.6
ORxmlsoftlibxml2Match2.3.7
ORxmlsoftlibxml2Match2.3.8
ORxmlsoftlibxml2Match2.3.9
ORxmlsoftlibxml2Match2.3.10
ORxmlsoftlibxml2Match2.3.11
ORxmlsoftlibxml2Match2.3.12
ORxmlsoftlibxml2Match2.3.13
ORxmlsoftlibxml2Match2.3.14
ORxmlsoftlibxml2Match2.4.1
ORxmlsoftlibxml2Match2.4.2
ORxmlsoftlibxml2Match2.4.3
ORxmlsoftlibxml2Match2.4.4
ORxmlsoftlibxml2Match2.4.5
ORxmlsoftlibxml2Match2.4.6
ORxmlsoftlibxml2Match2.4.7
ORxmlsoftlibxml2Match2.4.8
ORxmlsoftlibxml2Match2.4.9
ORxmlsoftlibxml2Match2.4.10
ORxmlsoftlibxml2Match2.4.11
ORxmlsoftlibxml2Match2.4.12
ORxmlsoftlibxml2Match2.4.13
ORxmlsoftlibxml2Match2.4.14
ORxmlsoftlibxml2Match2.4.15
ORxmlsoftlibxml2Match2.4.16
ORxmlsoftlibxml2Match2.4.17
ORxmlsoftlibxml2Match2.4.18
ORxmlsoftlibxml2Match2.4.19
ORxmlsoftlibxml2Match2.4.20
ORxmlsoftlibxml2Match2.4.21
ORxmlsoftlibxml2Match2.4.22
ORxmlsoftlibxml2Match2.4.23
ORxmlsoftlibxml2Match2.4.24
ORxmlsoftlibxml2Match2.4.25
ORxmlsoftlibxml2Match2.4.26
ORxmlsoftlibxml2Match2.4.27
ORxmlsoftlibxml2Match2.4.28
ORxmlsoftlibxml2Match2.4.29
ORxmlsoftlibxml2Match2.4.30
ORxmlsoftlibxml2Match2.5.0
ORxmlsoftlibxml2Match2.5.4
ORxmlsoftlibxml2Match2.5.7
ORxmlsoftlibxml2Match2.5.8
ORxmlsoftlibxml2Match2.5.10
ORxmlsoftlibxml2Match2.5.11
ORxmlsoftlibxml2Match2.6.0
ORxmlsoftlibxml2Match2.6.1
ORxmlsoftlibxml2Match2.6.2
ORxmlsoftlibxml2Match2.6.3
ORxmlsoftlibxml2Match2.6.4
ORxmlsoftlibxml2Match2.6.5
ORxmlsoftlibxml2Match2.6.6
ORxmlsoftlibxml2Match2.6.7
ORxmlsoftlibxml2Match2.6.8
ORxmlsoftlibxml2Match2.6.9
ORxmlsoftlibxml2Match2.6.11
ORxmlsoftlibxml2Match2.6.12
ORxmlsoftlibxml2Match2.6.13
ORxmlsoftlibxml2Match2.6.14
ORxmlsoftlibxml2Match2.6.16
ORxmlsoftlibxml2Match2.6.17
ORxmlsoftlibxml2Match2.6.18
ORxmlsoftlibxml2Match2.6.20
ORxmlsoftlibxml2Match2.6.22
ORxmlsoftlibxml2Match2.6.26
ORxmlsoftlibxml2Match2.6.27
ORxmlsoftlibxml2Match2.6.30
ORxmlsoftlibxml2Match2.6.32
ORxmlsoftlibxml2Match2.7.0
ORxmlsoftlibxml2Match2.7.1
ORxmlsoftlibxml2Match2.7.2
ORxmlsoftlibxml2Match2.7.3
ORxmlsoftlibxml2Match2.7.4
ORxmlsoftlibxml2Match2.7.5
ORxmlsoftlibxml2Match2.7.6
ORxmlsoftlibxml2Match2.7.7
ORxmlsoftlibxml2Match2.9.0rc1
Node
appleiphone_osRange≤6.1.4
ORappleiphone_osMatch1.0.0
ORappleiphone_osMatch1.0.1
ORappleiphone_osMatch1.0.2
ORappleiphone_osMatch1.1.0
ORappleiphone_osMatch1.1.1
ORappleiphone_osMatch1.1.2
ORappleiphone_osMatch1.1.3
ORappleiphone_osMatch1.1.4
ORappleiphone_osMatch1.1.5
ORappleiphone_osMatch2.0
ORappleiphone_osMatch2.0.0
ORappleiphone_osMatch2.0.1
ORappleiphone_osMatch2.0.2
ORappleiphone_osMatch2.1
ORappleiphone_osMatch2.1.1
ORappleiphone_osMatch2.2
ORappleiphone_osMatch2.2.1
ORappleiphone_osMatch3.0
ORappleiphone_osMatch3.0.1
ORappleiphone_osMatch3.1
ORappleiphone_osMatch3.1.2
ORappleiphone_osMatch3.1.3
ORappleiphone_osMatch3.2
ORappleiphone_osMatch3.2.1
ORappleiphone_osMatch3.2.2
ORappleiphone_osMatch4.0
ORappleiphone_osMatch4.0.1
ORappleiphone_osMatch4.0.2
ORappleiphone_osMatch4.1
ORappleiphone_osMatch4.2.1
ORappleiphone_osMatch4.2.5
ORappleiphone_osMatch4.2.8
ORappleiphone_osMatch4.3.0
ORappleiphone_osMatch4.3.1
ORappleiphone_osMatch4.3.2
ORappleiphone_osMatch4.3.3
ORappleiphone_osMatch4.3.5
ORappleiphone_osMatch5.0
ORappleiphone_osMatch5.0.1
ORappleiphone_osMatch5.1
ORappleiphone_osMatch5.1.1
ORappleiphone_osMatch6.0
ORappleiphone_osMatch6.0.1
ORappleiphone_osMatch6.0.2
ORappleiphone_osMatch6.1
ORappleiphone_osMatch6.1.2
ORappleiphone_osMatch6.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.0 | cpe:2.3:a:google:chrome:23.0.1271.0:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.1 | cpe:2.3:a:google:chrome:23.0.1271.1:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.2 | cpe:2.3:a:google:chrome:23.0.1271.2:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.3 | cpe:2.3:a:google:chrome:23.0.1271.3:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.4 | cpe:2.3:a:google:chrome:23.0.1271.4:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.5 | cpe:2.3:a:google:chrome:23.0.1271.5:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.6 | cpe:2.3:a:google:chrome:23.0.1271.6:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.7 | cpe:2.3:a:google:chrome:23.0.1271.7:*:*:*:*:*:*:* | |
| chrome | 23.0.1271.8 | cpe:2.3:a:google:chrome:23.0.1271.8:*:*:*:*:*:*:* |
References
git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html
lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
rhn.redhat.com/errata/RHSA-2012-1512.html
rhn.redhat.com/errata/RHSA-2013-0217.html
secunia.com/advisories/51448
secunia.com/advisories/54886
secunia.com/advisories/55568
support.apple.com/kb/HT5934
support.apple.com/kb/HT6001
www.debian.org/security/2012/dsa-2580
www.mandriva.com/security/advisories?name=MDVSA-2013:056
www.securityfocus.com/bid/56684
www.securitytracker.com/id?1027815
www.ubuntu.com/usn/USN-1656-1
bugzilla.redhat.com/show_bug.cgi?id=880466
code.google.com/p/chromium/issues/detail?id=158249
exchange.xforce.ibmcloud.com/vulnerabilities/80294
Related
openvas
openvas
Oracle: Security Advisory (ELSA-2012-1512)
2015-10-06 00:00:00
CentOS Update for libxml2 CESA-2012:1512 centos5
2012-12-04 00:00:00
Ubuntu Update for libxml2 USN-1656-1
2012-12-06 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : libxml2 (ELSA-2012-1512)
2013-07-12 00:00:00
VMware ESX / ESXi libxml2 RCE (VMSA-2013-0004) (remote check)
2016-03-04 00:00:00
vmware
vmware
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
VMware ESXi and ESX security update for third party library
2013-03-28 00:00:00
cvelist
cvelist
CVE-2012-5134
2012-11-28 01:00:00
redhat
redhat
(RHSA-2012:1512) Important: libxml2 security update
2012-11-29 00:00:00
(RHSA-2013:0217) Important: mingw32-libxml2 security update
2013-01-31 00:00:00
amazon
amazon
Important: libxml2
2012-12-06 21:22:00
ubuntucve
ubuntucve
CVE-2012-5134
2012-11-27 00:00:00
debiancve
debiancve
CVE-2012-5134
2012-11-28 01:55:01
oraclelinux
oraclelinux
libxml2 security update
2012-11-29 00:00:00
libxml2 security update
2013-02-28 00:00:00
mingw32-libxml2 security update
2013-01-31 00:00:00
slackware
slackware
[slackware-security] libxml2
2012-12-07 03:51:19
osv
osv
libxml2 - buffer overflow
2012-12-02 00:00:00
python-libxml2-2.9.4-1.4 on GA media
2024-06-15 00:00:00
libxml2-2-2.9.4-1.22 on GA media
2024-06-15 00:00:00
securityvulns
securityvulns
libxml2 buffer overflow
2012-12-06 00:00:00
Apple iTunes multiple security vulnerabilities
2014-01-29 00:00:00
APPLE-SA-2014-01-22-1 iTunes 11.1.4
2014-01-29 00:00:00
suse
suse
libxml2: fixed buffer overflow during decoding entities (important)
2012-12-17 12:08:33
Security update for libxml2 (important)
2012-12-12 17:09:09
libxml2: fixed buffer overflow during decoding entities (important)
2013-01-23 14:07:38
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 08:50:59
prion
prion
Heap overflow
2012-11-28 01:55:00
ubuntu
ubuntu
Libxml2 vulnerability
2012-12-06 00:00:00
centos
centos
libxml2 security update
2012-11-29 20:24:03
mingw32 security update
2013-02-01 00:53:30
nvd
nvd
CVE-2012-5134
2012-11-28 01:55:01
debian
debian
[SECURITY] [DSA 2580-1] libxml security update
2012-12-02 20:54:41
threatpost
threatpost
Apple's iOS 7 Update Fixes 80 Security Bugs
2013-09-19 12:53:59
Google Repairs High-Risk Flaw in Chrome
2012-11-27 17:07:25
freebsd
freebsd
chromium -- multiple vulnerabilities
2012-11-26 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2013-11-10 00:00:00
chrome
chrome
Stable Channel Update
2012-11-26 00:00:00
seebug
seebug
Google Chrome 23.0.1271.91之前版本多个远程漏洞
2012-11-27 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
9.7
Confidence
High
EPSS
0.044
Percentile
92.4%
Related for CVE-2012-5134