Lucene search

K
cveMitreCVE-2010-4494
HistoryDec 07, 2010 - 9:00 p.m.

CVE-2010-4494

2010-12-0721:00:09
CWE-415
mitre
web.nvd.nist.gov
108
cve-2010-4494
double free
libxml2
denial of service
remote attackers
xpath handling

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.004

Percentile

73.7%

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Affected configurations

Nvd
Node
googlechromeRange<8.0.552.215
Node
xmlsoftlibxml2Range≤2.7.8
Node
appleitunesRange<10.2
OR
applesafariRange<5.0.4
OR
appleiphone_osRange<4.3.0
OR
applemac_os_xRange<10.6.7
Node
opensuseopensuseMatch11.2
OR
opensuseopensuseMatch11.3
OR
susesuse_linux_enterprise_serverMatch11sp1
Node
fedoraprojectfedoraMatch14
Node
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_eusMatch6.3
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_workstationMatch6.0
Node
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0
Node
hpinsight_control_server_deployment
OR
hprapid_deployment_pack
Node
apacheopenofficeRange2.1.0–2.4.3
OR
apacheopenofficeRange3.0.0–3.3.0
VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
xmlsoftlibxml2*cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
appleitunes*cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
opensuseopensuse11.2cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
opensuseopensuse11.3cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
susesuse_linux_enterprise_server11cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*
fedoraprojectfedora14cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
Rows per page:
1-10 of 191

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

High

EPSS

0.004

Percentile

73.7%