Veracode Vulnerability DatabaseVERACODE:14443Denial Of Service (DoS) Through Double Free
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
mingw32-libxml2 is vulnerable to denial of service (DoS). It is possible because it does not prevent parsing of malicious libxml2 with certain XPath (XML Path Language) expressions, causing an application to crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mingw32-libxml2 | eq | 2.7.6__3.el6 | |
| mingw32-libxml2 | eq | 2.7.6__2.el6 | |
| libxml2 | eq | 2.6.26__2.1.2.8.el5_5.1 | |
| libxml2 | eq | 2.7.6__1.el6 |
References
code.google.com/p/chromium/issues/detail?id=93472
googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html
h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
lists.apple.com/archives/security-announce/2012/May/msg00001.html
lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
osvdb.org/75560
rhn.redhat.com/errata/RHSA-2013-0217.html
support.apple.com/kb/HT5281
support.apple.com/kb/HT5503
www.debian.org/security/2012/dsa-2394
www.mandriva.com/security/advisories?name=MDVSA-2011:145
www.redhat.com/support/errata/RHSA-2011-1749.html
access.redhat.com/security/updates/classification/#important
exchange.xforce.ibmcloud.com/vulnerabilities/69885
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410
rhn.redhat.com/errata/RHSA-2013-0217.html
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P