Lucene search

[email protected]NVD:CVE-2010-4008

HistoryNov 17, 2010 - 1:00 a.m.

CVE-2010-4008

2010-11-1701:00:02

CWE-119

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Affected configurations

NVD

Node

googlechromeRange<7.0.517.44

Node

appleitunesRange<10.2

applesafariRange<5.0.4

appleiphone_osRange<4.2

applemac_os_xRange<10.6.7

Node

xmlsoftlibxml2Range<2.7.8

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch8.04lts

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch10.10

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_eusMatch6.3

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch11.1

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

susesuse_linux_enterprise_serverMatch10sp3

susesuse_linux_enterprise_serverMatch11-

susesuse_linux_enterprise_serverMatch11sp1

Node

apacheopenofficeRange2.0.0–2.4.3

apacheopenofficeRange3.0.0–3.3.0

References

blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/

code.google.com/p/chromium/issues/detail?id=58731

googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

mail.gnome.org/archives/xml/2010-November/msg00015.html

marc.info/?l=bugtraq&m=130331363227777&w=2

marc.info/?l=bugtraq&m=139447903326211&w=2

rhn.redhat.com/errata/RHSA-2013-0217.html

secunia.com/advisories/40775

secunia.com/advisories/42109

secunia.com/advisories/42175

secunia.com/advisories/42314

secunia.com/advisories/42429

support.apple.com/kb/HT4456

support.apple.com/kb/HT4554

support.apple.com/kb/HT4566

support.apple.com/kb/HT4581

www.debian.org/security/2010/dsa-2128

www.mandriva.com/security/advisories?name=MDVSA-2010:243

www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

www.redhat.com/support/errata/RHSA-2011-1749.html

www.securityfocus.com/bid/44779

www.ubuntu.com/usn/USN-1016-1

www.vupen.com/english/advisories/2010/3046

www.vupen.com/english/advisories/2010/3076

www.vupen.com/english/advisories/2010/3100

www.vupen.com/english/advisories/2011/0230

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

7.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Related for NVD:CVE-2010-4008

nessus39 openvas34 debian2 cvelist1 cve2 ubuntucve1 securityvulns11 osv1 veracode1 debiancve1 prion2 ubuntu1 nvd1 gentoo1 redhat4 oraclelinux3 centos2 vmware4 freebsd1 tenable1