Lucene search

K

[email protected]CVE-2010-4008

HistoryNov 17, 2010 - 1:00 a.m.

CVE-2010-4008

2010-11-1701:00:00

CWE-119

[email protected]

web.nvd.nist.gov

43

libxml2

vulnerability

cve-2010-4008

google chrome

apple safari

xpath

denial of service

nvd

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.5%

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

CPENameOperatorVersion
google:chromegoogle chromelt7.0.517.44
apple:iphone_osapple iphone oslt4.2
apple:mac_os_xapple mac os xlt10.6.7
apple:itunesapple ituneslt10.2
apple:safariapple safarilt5.0.4
xmlsoft:libxml2xmlsoft libxml2lt2.7.8
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq6.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq10.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

Rows per page:

1-10 of 241

References

blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/

code.google.com/p/chromium/issues/detail?id=58731

googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

mail.gnome.org/archives/xml/2010-November/msg00015.html

marc.info/?l=bugtraq&m=130331363227777&w=2

marc.info/?l=bugtraq&m=139447903326211&w=2

rhn.redhat.com/errata/RHSA-2013-0217.html

secunia.com/advisories/40775

secunia.com/advisories/42109

secunia.com/advisories/42175

secunia.com/advisories/42314

secunia.com/advisories/42429

support.apple.com/kb/HT4456

support.apple.com/kb/HT4554

support.apple.com/kb/HT4566

support.apple.com/kb/HT4581

www.debian.org/security/2010/dsa-2128

www.mandriva.com/security/advisories?name=MDVSA-2010:243

www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

www.redhat.com/support/errata/RHSA-2011-1749.html

www.securityfocus.com/bid/44779

www.ubuntu.com/usn/USN-1016-1

www.vupen.com/english/advisories/2010/3046

www.vupen.com/english/advisories/2010/3076

www.vupen.com/english/advisories/2010/3100

www.vupen.com/english/advisories/2011/0230

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

53.5%

Related for CVE-2010-4008

nessus39 openvas34 ubuntucve1 veracode1 osv1 securityvulns11 debiancve1 prion2 ubuntu1 debian2 cve1 gentoo1 oraclelinux3 redhat4 centos2 vmware4 freebsd1 tenable1