cve-2011-1944
Vulnerability from cvelistv5
Published
2011-09-02 16:00
Modified
2024-08-06 22:46
Severity ?
Summary
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
References
secalert@redhat.comhttp://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4Patch
secalert@redhat.comhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2012/May/msg00001.html
secalert@redhat.comhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.htmlExploit, Patch
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0217.html
secalert@redhat.comhttp://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/44711Vendor Advisory
secalert@redhat.comhttp://support.apple.com/kb/HT5281
secalert@redhat.comhttp://support.apple.com/kb/HT5503
secalert@redhat.comhttp://ubuntu.com/usn/usn-1153-1
secalert@redhat.comhttp://www.debian.org/security/2011/dsa-2255
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:131
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2011/05/31/8Exploit, Patch
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
secalert@redhat.comhttp://www.osvdb.org/73248
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2011-1749.html
secalert@redhat.comhttp://www.securityfocus.com/bid/48056Exploit
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=709747Exploit, Patch
Impacted products
n/an/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48056",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48056"
          },
          {
            "name": "44711",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44711"
          },
          {
            "name": "MDVSA-2011:131",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:131"
          },
          {
            "name": "HPSBMU02786",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "openSUSE-SU-2011:0839",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4"
          },
          {
            "name": "APPLE-SA-2012-09-19-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5503"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747"
          },
          {
            "name": "RHSA-2013:0217",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
          },
          {
            "name": "RHSA-2011:1749",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
          },
          {
            "name": "DSA-2255",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2255"
          },
          {
            "name": "73248",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/73248"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html"
          },
          {
            "name": "FEDORA-2011-7856",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html"
          },
          {
            "name": "SSRT100877",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
          },
          {
            "name": "[oss-security] 20110531 Re: CVE request: libxml vulnerability and interesting integer issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/05/31/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "name": "APPLE-SA-2012-05-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          },
          {
            "name": "USN-1153-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-1153-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-15T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "48056",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48056"
        },
        {
          "name": "44711",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44711"
        },
        {
          "name": "MDVSA-2011:131",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:131"
        },
        {
          "name": "HPSBMU02786",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "openSUSE-SU-2011:0839",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4"
        },
        {
          "name": "APPLE-SA-2012-09-19-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5503"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747"
        },
        {
          "name": "RHSA-2013:0217",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
        },
        {
          "name": "RHSA-2011:1749",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
        },
        {
          "name": "DSA-2255",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2255"
        },
        {
          "name": "73248",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/73248"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html"
        },
        {
          "name": "FEDORA-2011-7856",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html"
        },
        {
          "name": "SSRT100877",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
        },
        {
          "name": "[oss-security] 20110531 Re: CVE request: libxml vulnerability and interesting integer issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/05/31/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5281"
        },
        {
          "name": "APPLE-SA-2012-05-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
        },
        {
          "name": "USN-1153-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-1153-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-1944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48056",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48056"
            },
            {
              "name": "44711",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44711"
            },
            {
              "name": "MDVSA-2011:131",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:131"
            },
            {
              "name": "HPSBMU02786",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "openSUSE-SU-2011:0839",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html"
            },
            {
              "name": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4",
              "refsource": "CONFIRM",
              "url": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4"
            },
            {
              "name": "APPLE-SA-2012-09-19-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5503",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5503"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=709747",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747"
            },
            {
              "name": "RHSA-2013:0217",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"
            },
            {
              "name": "RHSA-2011:1749",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
            },
            {
              "name": "DSA-2255",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2255"
            },
            {
              "name": "73248",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/73248"
            },
            {
              "name": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html",
              "refsource": "MISC",
              "url": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html"
            },
            {
              "name": "FEDORA-2011-7856",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html"
            },
            {
              "name": "SSRT100877",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
            },
            {
              "name": "[oss-security] 20110531 Re: CVE request: libxml vulnerability and interesting integer issues",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2011/05/31/8"
            },
            {
              "name": "http://support.apple.com/kb/HT5281",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5281"
            },
            {
              "name": "APPLE-SA-2012-05-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
            },
            {
              "name": "USN-1153-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-1153-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-1944",
    "datePublished": "2011-09-02T16:00:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.842Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-1944\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2011-09-02T16:55:03.553\",\"lastModified\":\"2016-06-17T01:59:08.787\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de entero en xpath.c en libxml2 v2.6.x hasta v2.6.32 y v2.7.x hasta v2.7.8, y libxml v1.8.16 y anteriores, permite a atacantes dependientes del contexto, provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo XML modificado que provoca un desbordamiento de buffer basado en memoria din\u00e1mica cuando se a\u00f1ade un nuevo espacio de nombres al nodo, relacionado con la manipulaci\u00f3n de expresiones XPath.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":9.3},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6948CD9-8489-46BA-9159-24C842490702\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C43087-760E-482A-B34E-141A29AC57A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"669211F7-90EA-47AB-A787-34DD79DF8E25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"025B16D8-1023-4D47-BADD-C1E838B47D88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"320E691F-D417-4D81-A223-C46FEFFD908A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3B06B40-327D-4EFA-AD19-DA1CA7D50B4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB8BEC58-AB2A-4953-A2E8-338EB894A494\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABDE6C9A-4F24-42B4-8AA3-3EBC97190322\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44FB2813-BE9F-46A8-864B-435D883CA0FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9DF1336-F831-4507-B45E-574BDE8AA8BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33268B2F-3591-48D9-B123-92E3ABF157F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0830367A-9FB3-4291-88C0-38A471DFD22B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5815E25-5305-4A32-81B3-89DB1D5C1AC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98CF3A74-B9F8-4689-B81C-F579D827DA5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DBD9C7D-CD0B-4B5B-BEC2-F67610DEDE2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798F7A01-F006-4589-82F8-943F81015693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36940C55-BFD4-4C77-A26B-C0F273EAC2EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D8135B1-FB22-4755-A5ED-CDB16E3E85A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B4685BF-394A-4426-980A-2B1D37737C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB8A074B-069A-4520-8E3C-AB614C31B68A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7069A49C-038C-4E7B-AF03-4D90D5734414\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87E895B9-5AF7-4A1F-B740-B3E13DE3254E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FD29EFD-1ADB-4349-8E7D-EA6B34B0F6DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC720A50-9EF5-4B73-86D1-AE87D402611E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"464942E8-EDF3-4ECB-B907-FFCDBC9079C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1246C0E-DCAC-405E-ADCE-3D16D659C567\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5703D8EC-259B-49C3-AADE-916227DEB96F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184B40E3-28FD-49A4-9560-5E26293D7D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CCE8BBA-6721-4257-9F2E-23AEB104564E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF2A3107-5F12-407E-9009-7F42B09299E4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.8.16\",\"matchCriteriaId\":\"8D8F7811-88A2-4128-85C4-09B7B7DF64A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD5A61AA-C026-474A-AB95-4A7B35DC6842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A63B4430-BB5E-4714-BA20-D793753ACA73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E411F0BC-8E12-4BE6-8F32-DE0721970511\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7ACD7BA-720C-4640-9A91-E7D622D5FFF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05F92712-AE3F-469C-8BCB-8EA84059D966\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E8338BB-C771-446E-8BBC-6874B38860F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C2884C3-09E9-4834-AF29-7CE1971B995F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCE2E4F7-9AE2-4EA7-AE98-DF9F163BBA4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD00A9AB-101C-4964-BBD8-5EE782274B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB312CF5-3344-4D08-8BBE-E3F89841DE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7C1F5B-89AE-42EF-B97F-A78D35BC1EB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"933140AC-DE87-450B-8564-1E409BD1F3A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E03BBCCC-2C76-4E02-B2BA-DE2D88FB879E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294EA917-6988-4E7C-A7CB-C4D6632F156E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C291277E-D850-4E91-B01F-68E79C33007C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02154B73-A784-41FD-A9DB-CEF4DAF21BD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA53FCD8-A7B0-4B90-AA57-4DCCD67C42D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AFFA818-2554-4D4E-8B1B-6BF40EC5FFED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0044EBB-9A1F-4C84-839A-3D6FDCF594AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"856C07F8-62AC-4DEC-97A4-939A7658D751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CC31771-E410-4957-AD70-B6C248AAB98C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797FD325-0B42-46DA-AE60-4FAD16A51430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB4429CD-315B-45B8-BFBE-7BB24906A4FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CB8C959-9D10-49C3-9069-FFF981A4EF0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml:1.8.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"931A0B86-34C0-4710-94AE-F8855083DC7D\"}]}]}],\"references\":[{\"url\":\"http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/May/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0217.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/44711\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT5281\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT5503\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://ubuntu.com/usn/usn-1153-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2011/dsa-2255\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2011:131\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2011/05/31/8\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/73248\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-1749.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/48056\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=709747\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.