CVE-2011-2834

2011-09-1912:02:00

CWE-415

[email protected]

web.nvd.nist.gov

cve-2011-2834

libxml2

google chrome

vulnerability

denial of service

remote attackers

xpath handling

nvd

7.9 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.0%

JSON

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CPENameOperatorVersion
google:chromegoogle chromelt14.0.835.163
apple:iphone_osapple iphone oslt6.0
apple:mac_os_xapple mac os xlt10.7.4
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq7.0
debian:debian_linuxdebian debian linuxeq6.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq6.0
redhat:enterprise_linux_serverredhat enterprise linux servereq6.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq6.0
redhat:enterprise_linux_server_eusredhat enterprise linux server euseq6.3

CPE	Name	Operator	Version
google:chrome	google chrome	lt	14.0.835.163
apple:iphone_os	apple iphone os	lt	6.0
apple:mac_os_x	apple mac os x	lt	10.7.4
debian:debian_linux	debian debian linux	eq	5.0
debian:debian_linux	debian debian linux	eq	7.0
debian:debian_linux	debian debian linux	eq	6.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	6.0
redhat:enterprise_linux_server	redhat enterprise linux server	eq	6.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	6.0
redhat:enterprise_linux_server_eus	redhat enterprise linux server eus	eq	6.3