4.3

CVE-2010-4008

Exploit
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 7.0.517.44
AppleiTunes Version < 10.2
AppleSafari Version < 5.0.4
AppleiPhone OS Version < 4.2
ApplemacOS X Version < 10.6.7
XmlsoftLibxml2 Version < 2.7.8
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEditionlts
CanonicalUbuntu Linux Version10.10
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
OpensuseOpensuse Version11.3
SuseSuse Linux Enterprise Server Version10 Updatesp3
SuseSuse Linux Enterprise Server Version11 Update-
SuseSuse Linux Enterprise Server Version11 Updatesp1
ApacheOpenoffice Version >= 2.0.0 <= 2.4.3
ApacheOpenoffice Version >= 3.0.0 < 3.3.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.13% 0.863
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/42314
Third Party Advisory
http://support.apple.com/kb/HT4456
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3046
Permissions Required
http://marc.info/?l=bugtraq&m=130331363227777&w=2
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT4581
Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT4554
Third Party Advisory
http://support.apple.com/kb/HT4566
Third Party Advisory
http://secunia.com/advisories/40775
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0230
Permissions Required
http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html
Vendor Advisory
http://secunia.com/advisories/42109
Third Party Advisory
Vendor Advisory
http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/
Broken Link
http://code.google.com/p/chromium/issues/detail?id=58731
Patch
Vendor Advisory
Exploit
Issue Tracking
http://mail.gnome.org/archives/xml/2010-November/msg00015.html
Vendor Advisory
Mailing List
Release Notes
http://marc.info/?l=bugtraq&m=139447903326211&w=2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0217.html
Third Party Advisory
http://secunia.com/advisories/42175
Third Party Advisory
Vendor Advisory
http://secunia.com/advisories/42429
Third Party Advisory
http://www.debian.org/security/2010/dsa-2128
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:243
Third Party Advisory
http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1749.html
Third Party Advisory
http://www.securityfocus.com/bid/44779
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1016-1
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3076
Permissions Required
http://www.vupen.com/english/advisories/2010/3100
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148
Third Party Advisory