Veracode Vulnerability DatabaseVERACODE:11429Denial Of Service (DoS)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
libxml2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists as parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
References
ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz
ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz
git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1
googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
seclists.org/fulldisclosure/2014/Dec/23
secunia.com/advisories/54172
secunia.com/advisories/55568
www.debian.org/security/2013/dsa-2724
www.debian.org/security/2013/dsa-2779
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
www.securityfocus.com/archive/1/534161/100/0/threaded
www.securityfocus.com/bid/61050
www.ubuntu.com/usn/USN-1904-1
www.ubuntu.com/usn/USN-1904-2
www.vmware.com/security/advisories/VMSA-2014-0012.html
access.redhat.com/security/updates/classification/#moderate
code.google.com/p/chromium/issues/detail?id=229019
rhn.redhat.com/errata/RHSA-2014-0513.html
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P