Vulnerability Details : CVE-2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.
Vulnerability category: Denial of service
Products affected by CVE-2013-2877
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.62:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.50:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.25:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.24:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.16:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.64:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.63:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.26:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.66:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.29:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.28:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.12:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:28.0.1500.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:*:rc1:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.25:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.24:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.21:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.8.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-2877
0.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-2877
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2013-2877
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2877
-
http://www.ubuntu.com/usn/USN-1904-1
USN-1904-1: libxml2 vulnerabilities | Ubuntu security notices
-
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
VMSA-2014-0012.1
-
http://secunia.com/advisories/55568
Sign in
-
http://www.debian.org/security/2013/dsa-2779
Debian -- Security Information -- DSA-2779-1 libxml2
-
http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html
openSUSE-SU-2013:1221-1: moderate: libxml2 to fix out of bounds reads
-
http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1
chromium Git repositories - Git at Google
-
http://seclists.org/fulldisclosure/2014/Dec/23
Full Disclosure: NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
-
http://www.debian.org/security/2013/dsa-2724
Debian -- Security Information -- DSA-2724-1 chromium-browser
-
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Oracle Critical Patch Update - January 2015
-
http://www.ubuntu.com/usn/USN-1904-2
USN-1904-2: libxml2 regression | Ubuntu security notices
-
ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz
-
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
[security-announce] SUSE-SU-2013:1627-1: important: Security update for
-
https://code.google.com/p/chromium/issues/detail?id=229019
229019 - Input pointer corruption in xmlParseTryOrFinish - chromium - Monorail
-
http://www.securityfocus.com/archive/1/534161/100/0/threaded
SecurityFocus
-
http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1
chromium Git repositories - Git at Google
-
http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html
Chrome Releases: Stable Channel Update
-
http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html
openSUSE-SU-2013:1246-1: moderate: libxml2 to fix out of bounds reads
-
http://secunia.com/advisories/54172
Sign in
-
http://www.securityfocus.com/bid/61050
Google Chrome CVE-2013-2877 Out of Bounds Denial of Service Vulnerability
Jump to