Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2394-1
HistoryJan 27, 2012 - 12:00 a.m.

libxml2 - several

2012-01-2700:00:00
Google
osv.dev
10

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.058 Low

EPSS

Percentile

92.3%

JSON

Many security problems have been fixed in libxml2, a popular library to handle
XML data files.

JĂźri Aedla discovered a heap-based buffer overflow that allows remote attackers
to cause a denial of service or possibly have unspecified other impact via
unknown vectors.

An Off-by-one error have been discovered that allows remote attackers to
execute arbitrary code or cause a denial of service.

A memory corruption (double free) bug has been identified in libxml2’s XPath
engine. Through it, it is possible for an attacker to cause a denial of
service or possibly have unspecified other impact. This vulnerability does not
affect the oldstable distribution (lenny).

Yang Dingning discovered a double free vulnerability related to XPath handling.

An out-of-bounds read vulnerability had been discovered, which allows remote
attackers to cause a denial of service.

For the oldstable distribution (lenny), this problem has been fixed in
version 2.6.32.dfsg-5+lenny5.

For the stable distribution (squeeze), this problem has been fixed in
version 2.7.8.dfsg-2+squeeze2.

For the testing distribution (wheezy), this problem has been fixed in
version 2.7.8.dfsg-7.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.8.dfsg-7.

We recommend that you upgrade your libxml2 packages.

Related

nessus 57
openvas 67
ubuntu 1
debian 1
centos 4
redhat 7
oraclelinux 6
securityvulns 8
fedora 2
vmware 4
amazon 1
suse 4
veracode 5
gentoo 2
prion 5
cve 5
freebsd 3
debiancve 5
ubuntucve 5
seebug 2
threatpost 2
chrome 3
nessus
nessus
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libxml2 vulnerabilities (USN-1334-1)
2012-01-20 00:00:00
Debian DSA-2394-1 : libxml2 - several vulnerabilities
2012-01-27 00:00:00
RHEL 4 : libxml2 (RHSA-2012:0016)
2012-01-12 00:00:00
openvas
openvas
Ubuntu Update for libxml2 USN-1334-1
2012-01-20 00:00:00
Ubuntu: Security Advisory (USN-1334-1)
2012-01-20 00:00:00
Debian: Security Advisory (DSA-2394-1)
2012-02-11 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2012-01-19 00:00:00
debian
debian
[SECURITY] [DSA 2394-1] libxml2 security update
2012-01-26 22:46:37
centos
centos
libxml2 security update
2012-01-11 18:47:59
libxml2 security update
2012-01-11 19:19:14
libxml2 security update
2012-01-11 20:05:02
redhat
redhat
(RHSA-2012:0016) Important: libxml2 security update
2012-01-11 00:00:00
(RHSA-2012:0017) Important: libxml2 security update
2012-01-11 00:00:00
(RHSA-2012:0018) Important: libxml2 security update
2012-01-11 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2012-01-11 00:00:00
libxml2 security update
2012-01-11 00:00:00
libxml2 security update
2012-01-11 00:00:00
securityvulns
securityvulns
libxml library security vulnerabilities
2011-12-19 00:00:00
libxml2 memory corruption
2011-10-16 00:00:00
APPLE-SA-2012-09-24-1 Apple TV 5.1
2012-10-04 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libxml2-2.7.8-8.fc16
2012-09-27 04:35:19
[SECURITY] Fedora 17 Update: libxml2-2.7.8-9.fc17
2012-09-26 08:56:06
vmware
vmware
VMware ESXi update to third party library
2012-07-12 00:00:00
VMware ESXi update to third party library
2012-07-12 00:00:00
VMware ESX updates to ESX Service Console
2012-04-26 00:00:00
amazon
amazon
Important: libxml2
2012-01-19 20:08:00
suse
suse
libxml2: fixing heap-based buffer overflow (CVE-2011-3919) (important)
2012-01-19 20:08:14
Security update for libxml2 (important)
2012-01-24 18:08:16
Security update for libxml2 (important)
2013-11-04 18:04:12
veracode
veracode
Heap-Based Buffer Overflow
2019-05-02 04:52:19
Denial Of Service (DoS)
2019-05-02 04:52:19
Out-Of-Bounds Read
2019-05-02 04:52:19
gentoo
gentoo
libxml2: User-assisted execution of arbitrary code
2012-02-29 00:00:00
libxml2: Multiple vulnerabilities
2011-10-26 00:00:00
prion
prion
Out-of-bounds
2011-12-13 21:55:00
Heap overflow
2012-01-07 11:55:00
Double free
2011-08-29 15:55:00
cve
cve
CVE-2011-3919
2012-01-07 11:55:00
CVE-2011-2821
2011-08-29 15:55:00
CVE-2011-3905
2011-12-13 21:55:00
freebsd
freebsd
libxml2 -- heap buffer overflow
2012-01-05 00:00:00
chromium -- multiple vulnerabilities
2012-01-05 00:00:00
chromium -- multiple vulnerabilities
2011-12-13 00:00:00
debiancve
debiancve
CVE-2011-2821
2011-08-29 15:55:00
CVE-2011-3919
2012-01-07 11:55:00
CVE-2011-3905
2011-12-13 21:55:00
ubuntucve
ubuntucve
CVE-2011-3919
2012-01-07 00:00:00
CVE-2011-2821
2011-08-29 00:00:00
CVE-2011-3905
2011-12-13 00:00:00
seebug
seebug
Apple Safari "libxml"远程代码执行漏洞
2011-12-08 00:00:00
Apple Safari 'libxml'远程代码执行漏洞
2011-07-25 00:00:00
threatpost
threatpost
Google Fixes Three High-Priority Bugs in Chrome
2012-01-06 12:41:22
Google Fixes 11 Flaws in Chrome 13.0.782.215
2011-08-23 11:16:36
chrome
chrome
Stable Channel Update
2012-01-05 00:00:00
Stable Channel Update
2011-08-22 00:00:00
Stable Channel Update
2011-12-13 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.058 Low

EPSS

Percentile

92.3%

JSON
Related for OSV:DSA-2394-1
nessus57openvas67ubuntu1debian1centos4redhat7oraclelinux6securityvulns8fedora2vmware4amazon1suse4veracode5gentoo2prion5cve5freebsd3debiancve5ubuntucve5seebug2threatpost2chrome3