CVE-2010-4008

MEDIUM

Description

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

References

http://blog.bkis.com/en/libxml2-vulnerability-in-google-chrome-and-apple-safari/

http://code.google.com/p/chromium/issues/detail?id=58731

http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html

http://mail.gnome.org/archives/xml/2010-November/msg00015.html

http://marc.info/?l=bugtraq&m=130331363227777&w=2

http://marc.info/?l=bugtraq&m=139447903326211&w=2

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://secunia.com/advisories/40775

http://secunia.com/advisories/42109

http://secunia.com/advisories/42175

http://secunia.com/advisories/42314

http://secunia.com/advisories/42429

http://support.apple.com/kb/HT4456

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4566

http://support.apple.com/kb/HT4581

http://www.debian.org/security/2010/dsa-2128

http://www.mandriva.com/security/advisories?name=MDVSA-2010:243

http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html

http://www.redhat.com/support/errata/RHSA-2011-1749.html

http://www.securityfocus.com/bid/44779

http://www.ubuntu.com/usn/USN-1016-1

http://www.vupen.com/english/advisories/2010/3046

http://www.vupen.com/english/advisories/2010/3076

http://www.vupen.com/english/advisories/2010/3100

http://www.vupen.com/english/advisories/2011/0230

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12148

Details

Source: MITRE

Published: 2010-11-17

Updated: 2020-06-04

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (44 total)

IDNameProductFamilySeverity
89109VMware ESX Service Console Multiple Vulnerabilities (VMSA-2012-0008) (remote check)NessusMisc.
critical
89037VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check)NessusMisc.
high
80687Oracle Solaris Third-Party Patch Update : libxml2 (cve_2010_4008_denial_of)NessusSolaris Local Security Checks
medium
79283RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)NessusRed Hat Local Security Checks
high
75632openSUSE Security Update : libxml2 (openSUSE-SU-2010:1004-1)NessusSuSE Local Security Checks
medium
70884ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check)NessusMisc.
high
68721Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217)NessusOracle Linux Local Security Checks
high
68429Oracle Linux 5 : libxml2 (ELSA-2012-0017)NessusOracle Linux Local Security Checks
high
64425Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)NessusScientific Linux Local Security Checks
high
64391RHEL 6 : mingw32-libxml2 (RHSA-2013:0217)NessusRed Hat Local Security Checks
high
64384CentOS 6 : mingw32-libxml2 (CESA-2013:0217)NessusCentOS Local Security Checks
high
61217Scientific Linux Security Update : libxml2 on SL5.x i386/x86_64 (20120111)NessusScientific Linux Local Security Checks
high
61192Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
critical
59966VMSA-2012-0012 : VMware ESXi update to third-party libraryNessusVMware ESX Local Security Checks
high
58903VMSA-2012-0008 : VMware ESX updates to ESX Service ConsoleNessusVMware ESX Local Security Checks
high
57492RHEL 5 : libxml2 (RHSA-2012:0017)NessusRed Hat Local Security Checks
high
57487CentOS 5 : libxml2 (CESA-2012:0017)NessusCentOS Local Security Checks
high
57022RHEL 6 : libxml2 (RHSA-2011:1749)NessusRed Hat Local Security Checks
critical
56660GLSA-201110-26 : libxml2: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
53765openSUSE Security Update : libxml2 (openSUSE-SU-2010:1004-1)NessusSuSE Local Security Checks
medium
53680openSUSE Security Update : libxml2 (openSUSE-SU-2010:1004-1)NessusSuSE Local Security Checks
medium
53532HP System Management Homepage < 6.3 Multiple VulnerabilitiesNessusWeb Servers
critical
52754Mac OS X 10.6.x < 10.6.7 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
52753Mac OS X Multiple Vulnerabilities (Security Update 2011-001)NessusMacOS X Local Security Checks
high
800796Mac OS X 10.6 < 10.6.7 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5826Mac OS X 10.6 < 10.6.7 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
801013Safari < 5.0.4 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5813Safari < 5.0.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
52613Safari < 5.0.4 Multiple VulnerabilitiesNessusWindows
high
52612Mac OS X : Apple Safari < 5.0.4NessusMacOS X Local Security Checks
high
5806iTunes < 10.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
52535Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
52534Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)NessusWindows
high
5745OpenOffice < 3.3 Multiple VulnerabilitiesNessus Network MonitorGeneric
high
51773Oracle OpenOffice.org < 3.3 Multiple VulnerabilitiesNessusWindows
high
50969SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7214)NessusSuSE Local Security Checks
medium
50947SuSE 11 / 11.1 Security Update : libxml2 (SAT Patch Numbers 3460 / 3461)NessusSuSE Local Security Checks
medium
50864Debian DSA-2128-1 : libxml2 - invalid memory accessNessusDebian Local Security Checks
medium
50839Mandriva Linux Security Advisory : libxml2 (MDVSA-2010:243)NessusMandriva Local Security Checks
medium
5715Apple iOS < 4.2 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical
50560Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : libxml2 vulnerability (USN-1016-1)NessusUbuntu Local Security Checks
medium
800908Google Chrome < 7.0.517.44 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5698Google Chrome < 7.0.517.44 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
50476Google Chrome < 7.0.517.44 Multiple VulnerabilitiesNessusWindows
high