Lucene search

[email protected]NVD:CVE-2011-1944

HistorySep 02, 2011 - 4:55 p.m.

CVE-2011-1944

2011-09-0216:55:03

CWE-189

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.0%

JSON

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Affected configurations

NVD

Node

xmlsoftlibxml2Match2.6.0

xmlsoftlibxml2Match2.6.1

xmlsoftlibxml2Match2.6.2

xmlsoftlibxml2Match2.6.3

xmlsoftlibxml2Match2.6.4

xmlsoftlibxml2Match2.6.5

xmlsoftlibxml2Match2.6.6

xmlsoftlibxml2Match2.6.7

xmlsoftlibxml2Match2.6.8

xmlsoftlibxml2Match2.6.9

xmlsoftlibxml2Match2.6.11

xmlsoftlibxml2Match2.6.12

xmlsoftlibxml2Match2.6.13

xmlsoftlibxml2Match2.6.14

xmlsoftlibxml2Match2.6.16

xmlsoftlibxml2Match2.6.17

xmlsoftlibxml2Match2.6.18

xmlsoftlibxml2Match2.6.20

xmlsoftlibxml2Match2.6.22

xmlsoftlibxml2Match2.6.26

xmlsoftlibxml2Match2.6.27

xmlsoftlibxml2Match2.6.30

xmlsoftlibxml2Match2.6.32

Node

xmlsoftlibxml2Match2.7.0

xmlsoftlibxml2Match2.7.1

xmlsoftlibxml2Match2.7.2

xmlsoftlibxml2Match2.7.3

xmlsoftlibxml2Match2.7.4

xmlsoftlibxml2Match2.7.5

xmlsoftlibxml2Match2.7.6

xmlsoftlibxml2Match2.7.7

xmlsoftlibxml2Match2.7.8

Node

xmlsoftlibxmlRange≤1.8.16

xmlsoftlibxmlMatch1.5.0

xmlsoftlibxmlMatch1.6.0

xmlsoftlibxmlMatch1.6.1

xmlsoftlibxmlMatch1.6.2

xmlsoftlibxmlMatch1.7.0

xmlsoftlibxmlMatch1.7.1

xmlsoftlibxmlMatch1.7.2

xmlsoftlibxmlMatch1.7.3

xmlsoftlibxmlMatch1.7.4

xmlsoftlibxmlMatch1.8.0

xmlsoftlibxmlMatch1.8.1

xmlsoftlibxmlMatch1.8.2

xmlsoftlibxmlMatch1.8.3

xmlsoftlibxmlMatch1.8.4

xmlsoftlibxmlMatch1.8.5

xmlsoftlibxmlMatch1.8.6

xmlsoftlibxmlMatch1.8.7

xmlsoftlibxmlMatch1.8.8

xmlsoftlibxmlMatch1.8.9

xmlsoftlibxmlMatch1.8.10

xmlsoftlibxmlMatch1.8.11

xmlsoftlibxmlMatch1.8.12

xmlsoftlibxmlMatch1.8.13

xmlsoftlibxmlMatch1.8.14

xmlsoftlibxmlMatch1.8.15

References

git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html

lists.opensuse.org/opensuse-updates/2011-07/msg00035.html

rhn.redhat.com/errata/RHSA-2013-0217.html

scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

secunia.com/advisories/44711

support.apple.com/kb/HT5281

support.apple.com/kb/HT5503

ubuntu.com/usn/usn-1153-1

www.debian.org/security/2011/dsa-2255

www.mandriva.com/security/advisories?name=MDVSA-2011:131

www.openwall.com/lists/oss-security/2011/05/31/8

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.osvdb.org/73248

www.redhat.com/support/errata/RHSA-2011-1749.html

www.securityfocus.com/bid/48056

bugzilla.redhat.com/show_bug.cgi?id=709747

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for NVD:CVE-2011-1944

openvas38 freebsd1 nessus40 fedora4 veracode1 ubuntucve1 cvelist2 prion2 ubuntu1 debiancve1 cve2 securityvulns8 nvd1 oraclelinux5 gentoo1 centos2 thn1 redhat4 vmware4 tenable1 oracle1