Vulnerability Details : CVE-2011-1944
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2011-1944
- cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:*:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml:1.7.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1944
0.71%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1944
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2011-1944
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1944
-
http://www.securityfocus.com/bid/48056
libxml2 Invalid XPath Multiple Memory Corruption VulnerabilitiesExploit
-
http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
Fix some potential problems on reallocation failures (d7958b21) · Commits · GNOME / libxml2 · GitLabPatch
-
http://ubuntu.com/usn/usn-1153-1
USN-1153-1: libxml2 vulnerability | Ubuntu security notices
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
-
http://www.openwall.com/lists/oss-security/2011/05/31/8
oss-security - Re: CVE request: libxml vulnerability and interesting integer issuesExploit;Patch
-
http://support.apple.com/kb/HT5503
About the security content of iOS 6 - Apple Support
-
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Apple - Lists.apple.com
-
http://support.apple.com/kb/HT5281
About the security content of OS X Lion v10.7.4 and Security Update 2012-002 - Apple Support
-
http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
Security: libxml vulnerability and interesting integer issuesPatch;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:131
mandriva.com
-
http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
openSUSE-SU-2011:0839-1: moderate: libxml2
-
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Oracle Critical Patch Update - January 2015
-
http://www.redhat.com/support/errata/RHSA-2011-1749.html
Support
-
https://bugzilla.redhat.com/show_bug.cgi?id=709747
709747 – (CVE-2011-1944) CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesetsExploit;Patch
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html
[SECURITY] Fedora 14 Update: libxml-1.8.17-27.fc14Exploit;Patch
-
http://rhn.redhat.com/errata/RHSA-2013-0217.html
RHSA-2013:0217 - Security Advisory - Red Hat Customer Portal
-
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
Apple - Lists.apple.com
-
http://www.debian.org/security/2011/dsa-2255
Debian -- Security Information -- DSA-2255-1 libxml2
Jump to