9.3

CVE-2011-1944

Exploit
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version2.6.0
XmlsoftLibxml2 Version2.6.1
XmlsoftLibxml2 Version2.6.2
XmlsoftLibxml2 Version2.6.3
XmlsoftLibxml2 Version2.6.4
XmlsoftLibxml2 Version2.6.5
XmlsoftLibxml2 Version2.6.6
XmlsoftLibxml2 Version2.6.7
XmlsoftLibxml2 Version2.6.8
XmlsoftLibxml2 Version2.6.9
XmlsoftLibxml2 Version2.6.11
XmlsoftLibxml2 Version2.6.12
XmlsoftLibxml2 Version2.6.13
XmlsoftLibxml2 Version2.6.14
XmlsoftLibxml2 Version2.6.16
XmlsoftLibxml2 Version2.6.17
XmlsoftLibxml2 Version2.6.18
XmlsoftLibxml2 Version2.6.20
XmlsoftLibxml2 Version2.6.22
XmlsoftLibxml2 Version2.6.26
XmlsoftLibxml2 Version2.6.27
XmlsoftLibxml2 Version2.6.30
XmlsoftLibxml2 Version2.6.32
XmlsoftLibxml2 Version2.7.0
XmlsoftLibxml2 Version2.7.1
XmlsoftLibxml2 Version2.7.2
XmlsoftLibxml2 Version2.7.3
XmlsoftLibxml2 Version2.7.4
XmlsoftLibxml2 Version2.7.5
XmlsoftLibxml2 Version2.7.6
XmlsoftLibxml2 Version2.7.7
XmlsoftLibxml2 Version2.7.8
XmlsoftLibxml Version <= 1.8.16
XmlsoftLibxml Version1.5.0
XmlsoftLibxml Version1.6.0
XmlsoftLibxml Version1.6.1
XmlsoftLibxml Version1.6.2
XmlsoftLibxml Version1.7.0
XmlsoftLibxml Version1.7.1
XmlsoftLibxml Version1.7.2
XmlsoftLibxml Version1.7.3
XmlsoftLibxml Version1.7.4
XmlsoftLibxml Version1.8.0
XmlsoftLibxml Version1.8.1
XmlsoftLibxml Version1.8.2
XmlsoftLibxml Version1.8.3
XmlsoftLibxml Version1.8.4
XmlsoftLibxml Version1.8.5
XmlsoftLibxml Version1.8.6
XmlsoftLibxml Version1.8.7
XmlsoftLibxml Version1.8.8
XmlsoftLibxml Version1.8.9
XmlsoftLibxml Version1.8.10
XmlsoftLibxml Version1.8.11
XmlsoftLibxml Version1.8.12
XmlsoftLibxml Version1.8.13
XmlsoftLibxml Version1.8.14
XmlsoftLibxml Version1.8.15
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.73% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://support.apple.com/kb/HT5281
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://support.apple.com/kb/HT5503
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html
Patch
Exploit
http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
Patch
Vendor Advisory
http://secunia.com/advisories/44711
Vendor Advisory
http://ubuntu.com/usn/usn-1153-1
http://www.debian.org/security/2011/dsa-2255
http://www.mandriva.com/security/advisories?name=MDVSA-2011:131
http://www.openwall.com/lists/oss-security/2011/05/31/8
Patch
Exploit
http://www.osvdb.org/73248
http://www.securityfocus.com/bid/48056
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=709747
Patch
Exploit