CVE-2011-1944

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Published at
2011-09-02T16:55Z
4481 days ago
Modified
2016-06-17T01:59Z
2732 days ago
CWE-189
Problem type

References


URLType
openSUSE-SU-2011:0839
http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
SUSE
USN-1153-1
http://ubuntu.com/usn/usn-1153-1
UBUNTU
scarybeastsecurity.blogspot.com
http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
MISC
DSA-2255
http://www.debian.org/security/2011/dsa-2255
DEBIAN
git.gnome.org
http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
CONFIRM
44711
http://secunia.com/advisories/44711
SECUNIA
[oss-security] 20110531 Re: CVE request: libxml vulnerability and interesting integer issues
http://www.openwall.com/lists/oss-security/2011/05/31/8
MLIST
73248
http://www.osvdb.org/73248
OSVDB
FEDORA-2011-7856
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html
FEDORA
48056
http://www.securityfocus.com/bid/48056
BID
bugzilla.redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=709747
CONFIRM
MDVSA-2011:131
http://www.mandriva.com/security/advisories?name=MDVSA-2011:131
MANDRIVA
RHSA-2011:1749
http://www.redhat.com/support/errata/RHSA-2011-1749.html
REDHAT
support.apple.com
http://support.apple.com/kb/HT5281
CONFIRM
APPLE-SA-2012-05-09-1
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
APPLE
HPSBMU02786
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
HP
support.apple.com
http://support.apple.com/kb/HT5503
CONFIRM
APPLE-SA-2012-09-19-1
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
APPLE
RHSA-2013:0217
http://rhn.redhat.com/errata/RHSA-2013-0217.html
REDHAT
www.oracle.com
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
CONFIRM

GET https://vulnerabilitydata.com/api/details/CVE-2011-1944

{
	"id": "CVE-2011-1944",
	"published_date": "2011-09-02T16:55Z",
	"last_modified_date": "2016-06-17T01:59Z",
	"assigner": "secalert@redhat.com",
	"description": "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.",
	"references": [
		{
			"url": "http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html",
			"name": "openSUSE-SU-2011:0839",
			"refsource": "SUSE",
			"tags": []
		},
		{
			"url": "http://ubuntu.com/usn/usn-1153-1",
			"name": "USN-1153-1",
			"refsource": "UBUNTU",
			"tags": []
		},
		{
			"url": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html",
			"name": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html",
			"refsource": "MISC",
			"tags": [
				"Patch",
				"Vendor Advisory"
			]
		},
		{
			"url": "http://www.debian.org/security/2011/dsa-2255",
			"name": "DSA-2255",
			"refsource": "DEBIAN",
			"tags": []
		},
		{
			"url": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4",
			"name": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4",
			"refsource": "CONFIRM",
			"tags": [
				"Patch"
			]
		},
		{
			"url": "http://secunia.com/advisories/44711",
			"name": "44711",
			"refsource": "SECUNIA",
			"tags": [
				"Vendor Advisory"
			]
		},
		{
			"url": "http://www.openwall.com/lists/oss-security/2011/05/31/8",
			"name": "[oss-security] 20110531 Re: CVE request: libxml vulnerability and interesting integer issues",
			"refsource": "MLIST",
			"tags": [
				"Exploit",
				"Patch"
			]
		},
		{
			"url": "http://www.osvdb.org/73248",
			"name": "73248",
			"refsource": "OSVDB",
			"tags": []
		},
		{
			"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html",
			"name": "FEDORA-2011-7856",
			"refsource": "FEDORA",
			"tags": [
				"Exploit",
				"Patch"
			]
		},
		{
			"url": "http://www.securityfocus.com/bid/48056",
			"name": "48056",
			"refsource": "BID",
			"tags": [
				"Exploit"
			]
		},
		{
			"url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747",
			"name": "https://bugzilla.redhat.com/show_bug.cgi?id=709747",
			"refsource": "CONFIRM",
			"tags": [
				"Exploit",
				"Patch"
			]
		},
		{
			"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:131",
			"name": "MDVSA-2011:131",
			"refsource": "MANDRIVA",
			"tags": []
		},
		{
			"url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html",
			"name": "RHSA-2011:1749",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://support.apple.com/kb/HT5281",
			"name": "http://support.apple.com/kb/HT5281",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html",
			"name": "APPLE-SA-2012-05-09-1",
			"refsource": "APPLE",
			"tags": []
		},
		{
			"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
			"name": "HPSBMU02786",
			"refsource": "HP",
			"tags": []
		},
		{
			"url": "http://support.apple.com/kb/HT5503",
			"name": "http://support.apple.com/kb/HT5503",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html",
			"name": "APPLE-SA-2012-09-19-1",
			"refsource": "APPLE",
			"tags": []
		},
		{
			"url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html",
			"name": "RHSA-2013:0217",
			"refsource": "REDHAT",
			"tags": []
		},
		{
			"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
			"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
			"refsource": "CONFIRM",
			"tags": []
		}
	],
	"impact": {
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
				"accessVector": "NETWORK",
				"accessComplexity": "MEDIUM",
				"authentication": "NONE",
				"confidentialityImpact": "COMPLETE",
				"integrityImpact": "COMPLETE",
				"availabilityImpact": "COMPLETE",
				"baseScore": 9.3
			},
			"severity": "HIGH",
			"exploitabilityScore": 8.6,
			"impactScore": 10,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": true
		}
	},
	"problem_type": "CWE-189"
}