CVE-2011-1944
Published Sep 2, 2011
Last updated 8 years ago
Overview
- Description
- Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-189
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6948CD9-8489-46BA-9159-24C842490702"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35C43087-760E-482A-B34E-141A29AC57A4"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "669211F7-90EA-47AB-A787-34DD79DF8E25"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "025B16D8-1023-4D47-BADD-C1E838B47D88"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "320E691F-D417-4D81-A223-C46FEFFD908A"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3B06B40-327D-4EFA-AD19-DA1CA7D50B4F"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB8BEC58-AB2A-4953-A2E8-338EB894A494"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ABDE6C9A-4F24-42B4-8AA3-3EBC97190322"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44FB2813-BE9F-46A8-864B-435D883CA0FA"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9DF1336-F831-4507-B45E-574BDE8AA8BA"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98CF3A74-B9F8-4689-B81C-F579D827DA5C"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DBD9C7D-CD0B-4B5B-BEC2-F67610DEDE2B"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "798F7A01-F006-4589-82F8-943F81015693"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36940C55-BFD4-4C77-A26B-C0F273EAC2EC"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D8135B1-FB22-4755-A5ED-CDB16E3E85A3"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B4685BF-394A-4426-980A-2B1D37737C06"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB8A074B-069A-4520-8E3C-AB614C31B68A"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7069A49C-038C-4E7B-AF03-4D90D5734414"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87E895B9-5AF7-4A1F-B740-B3E13DE3254E"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FD29EFD-1ADB-4349-8E7D-EA6B34B0F6DE"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC720A50-9EF5-4B73-86D1-AE87D402611E"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "464942E8-EDF3-4ECB-B907-FFCDBC9079C0"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1246C0E-DCAC-405E-ADCE-3D16D659C567"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5703D8EC-259B-49C3-AADE-916227DEB96F"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "184B40E3-28FD-49A4-9560-5E26293D7D08"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CCE8BBA-6721-4257-9F2E-23AEB104564E"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF2A3107-5F12-407E-9009-7F42B09299E4"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D8F7811-88A2-4128-85C4-09B7B7DF64A1",
"versionEndIncluding": "1.8.16"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD5A61AA-C026-474A-AB95-4A7B35DC6842"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A63B4430-BB5E-4714-BA20-D793753ACA73"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E411F0BC-8E12-4BE6-8F32-DE0721970511"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7ACD7BA-720C-4640-9A91-E7D622D5FFF6"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "05F92712-AE3F-469C-8BCB-8EA84059D966"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E8338BB-C771-446E-8BBC-6874B38860F5"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C2884C3-09E9-4834-AF29-7CE1971B995F"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCE2E4F7-9AE2-4EA7-AE98-DF9F163BBA4A"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD00A9AB-101C-4964-BBD8-5EE782274B39"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB312CF5-3344-4D08-8BBE-E3F89841DE94"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF7C1F5B-89AE-42EF-B97F-A78D35BC1EB5"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "933140AC-DE87-450B-8564-1E409BD1F3A9"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E03BBCCC-2C76-4E02-B2BA-DE2D88FB879E"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "294EA917-6988-4E7C-A7CB-C4D6632F156E"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C291277E-D850-4E91-B01F-68E79C33007C"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02154B73-A784-41FD-A9DB-CEF4DAF21BD4"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA53FCD8-A7B0-4B90-AA57-4DCCD67C42D3"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AFFA818-2554-4D4E-8B1B-6BF40EC5FFED"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0044EBB-9A1F-4C84-839A-3D6FDCF594AE"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "856C07F8-62AC-4DEC-97A4-939A7658D751"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0CC31771-E410-4957-AD70-B6C248AAB98C"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "797FD325-0B42-46DA-AE60-4FAD16A51430"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB4429CD-315B-45B8-BFBE-7BB24906A4FC"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CB8C959-9D10-49C3-9069-FFF981A4EF0C"
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "931A0B86-34C0-4710-94AE-F8855083DC7D"
}
],
"operator": "OR"
}
]
}
]