CVE-2011-1944

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 13 years ago

2011-09-02 16:55:00

Last updated 8 years ago

2016-06-17 01:59:00

Affected Software

XMLSoft Libxml2 2.6.0

2.6.0

XMLSoft Libxml2 2.6.1

2.6.1

XMLSoft Libxml2 2.6.2

2.6.2

XMLSoft Libxml2 2.6.3

2.6.3

XMLSoft Libxml2 2.6.4

2.6.4

XMLSoft Libxml2 2.6.5

2.6.5

XMLSoft Libxml2 2.6.6

2.6.6

XMLSoft Libxml2 2.6.7

2.6.7

XMLSoft Libxml2 2.6.8

2.6.8

XMLSoft Libxml2 2.6.9

2.6.9

XMLSoft Libxml2 2.6.11

2.6.11

XMLSoft Libxml2 2.6.12

2.6.12

XMLSoft Libxml2 2.6.13

2.6.13

XMLSoft Libxml2 2.6.14

2.6.14

Xmlsoft Libxml2 2.6.16

2.6.16

XMLSoft Libxml2 2.6.17

2.6.17

XMLSoft Libxml2 2.6.18

2.6.18

XMLSoft Libxml2 2.6.20

2.6.20

XMLSoft Libxml2 2.6.22

2.6.22

XMLSoft Libxml2 2.6.26

2.6.26

XMLSoft Libxml2 2.6.27

2.6.27

XMLSoft Libxml2 2.6.30

2.6.30

XMLSoft Libxml2 2.6.32

2.6.32

XMLSoft Libxml2 2.7.0

2.7.0

XMLSoft Libxml2 2.7.1

2.7.1

XMLSoft Libxml2 2.7.2

2.7.2

XMLSoft Libxml2 2.7.3

2.7.3

XMLSoft Libxml2 2.7.4

2.7.4

XMLSoft Libxml2 2.7.5

2.7.5

XMLSoft Libxml2 2.7.6

2.7.6

XMLSoft Libxml2 2.7.7

2.7.7

XMLSoft Libxml2 2.7.8

2.7.8

References

http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4

Patch

HPSBMU02786

APPLE-SA-2012-05-09-1

APPLE-SA-2012-09-19-1

FEDORA-2011-7856

Exploit, Patch

openSUSE-SU-2011:0839

RHSA-2013:0217

http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

Patch, Vendor Advisory

44711

Vendor Advisory

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5503

USN-1153-1

DSA-2255

MDVSA-2011:131

[oss-security] 20110531 Re: CVE request: libxml vulnerability and interesting integer issues

Exploit, Patch

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

73248

RHSA-2011:1749

48056

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=709747

Exploit, Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.