Lucene search

[email protected]CVE-2013-1969

HistoryApr 25, 2013 - 11:55 p.m.

CVE-2013-1969

2013-04-2523:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve

2013

1969

use-after-free

vulnerabilities

libxml2

denial of service

crash

execute arbitrary code

buffer overflow

nvd

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.

CPENameOperatorVersion
xmlsoft:libxml2xmlsoft libxml2eq2.9.0

CPE	Name	Operator	Version
xmlsoft:libxml2	xmlsoft libxml2	eq	2.9.0

References

lists.opensuse.org/opensuse-updates/2013-04/msg00109.html

lists.opensuse.org/opensuse-updates/2013-06/msg00081.html

secunia.com/advisories/53061

www.openwall.com/lists/oss-security/2013/04/17/4

www.openwall.com/lists/oss-security/2013/04/19/1

www.ubuntu.com/usn/USN-1817-1

bugzilla.gnome.org/show_bug.cgi?id=690202

git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.9%

JSON

Related for CVE-2013-1969

prion2 nessus6 debiancve1 openvas5 veracode1 securityvulns2 ubuntu1 ubuntucve1 cve1 gentoo2 tenable1