CVE-2011-2834

MEDIUM

Description

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

References

http://code.google.com/p/chromium/issues/detail?id=93472

http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://osvdb.org/75560

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5503

http://www.debian.org/security/2012/dsa-2394

http://www.mandriva.com/security/advisories?name=MDVSA-2011:145

http://www.redhat.com/support/errata/RHSA-2011-1749.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/69885

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410

Details

Source: MITRE

Published: 2011-09-19

Updated: 2020-05-08

Type: CWE-415

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (42 total)

IDNameProductFamilySeverity
89109VMware ESX Service Console Multiple Vulnerabilities (VMSA-2012-0008) (remote check)NessusMisc.
critical
89037VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check)NessusMisc.
high
80688Oracle Solaris Third-Party Patch Update : libxml2 (cve_2011_0216_denial_of)NessusSolaris Local Security Checks
high
79283RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)NessusRed Hat Local Security Checks
high
75936openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)NessusSuSE Local Security Checks
high
75635openSUSE Security Update : libxml2 (openSUSE-SU-2012:0073-1)NessusSuSE Local Security Checks
high
70884ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check)NessusMisc.
high
68721Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217)NessusOracle Linux Local Security Checks
high
68429Oracle Linux 5 : libxml2 (ELSA-2012-0017)NessusOracle Linux Local Security Checks
high
68428Oracle Linux 4 : libxml2 (ELSA-2012-0016)NessusOracle Linux Local Security Checks
high
64425Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)NessusScientific Linux Local Security Checks
high
64391RHEL 6 : mingw32-libxml2 (RHSA-2013:0217)NessusRed Hat Local Security Checks
high
64384CentOS 6 : mingw32-libxml2 (CESA-2013:0217)NessusCentOS Local Security Checks
high
62357Apple TV < 5.1 Multiple VulnerabilitiesNessusGain a shell remotely
high
62324Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824)NessusFedora Local Security Checks
high
62323Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820)NessusFedora Local Security Checks
high
6589Apple iOS < 6.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
62242Apple iOS < 6.0 Multiple VulnerabilitiesNessusMobile Devices
critical
61217Scientific Linux Security Update : libxml2 on SL5.x i386/x86_64 (20120111)NessusScientific Linux Local Security Checks
high
61216Scientific Linux Security Update : libxml2 on SL4.x i386/x86_64 (20120111)NessusScientific Linux Local Security Checks
high
61192Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
critical
59966VMSA-2012-0012 : VMware ESXi update to third-party libraryNessusVMware ESX Local Security Checks
high
59851HP System Management Homepage < 7.1.1 Multiple VulnerabilitiesNessusWeb Servers
critical
6482Mac OS X 10.7 < 10.7.4 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
59067Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)NessusMacOS X Local Security Checks
critical
59066Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)NessusMacOS X Local Security Checks
critical
58903VMSA-2012-0008 : VMware ESX updates to ESX Service ConsoleNessusVMware ESX Local Security Checks
high
57702Debian DSA-2394-1 : libxml2 - several vulnerabilitiesNessusDebian Local Security Checks
high
57615Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libxml2 vulnerabilities (USN-1334-1)NessusUbuntu Local Security Checks
high
57531SuSE 11.1 Security Update : libxml2 (SAT Patch Number 5489)NessusSuSE Local Security Checks
high
57492RHEL 5 : libxml2 (RHSA-2012:0017)NessusRed Hat Local Security Checks
high
57491RHEL 4 : libxml2 (RHSA-2012:0016)NessusRed Hat Local Security Checks
high
57487CentOS 5 : libxml2 (CESA-2012:0017)NessusCentOS Local Security Checks
high
57486CentOS 4 : libxml2 (CESA-2012:0016)NessusCentOS Local Security Checks
high
57022RHEL 6 : libxml2 (RHSA-2011:1749)NessusRed Hat Local Security Checks
critical
56686GLSA-201111-01 : Chromium, V8: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
56660GLSA-201110-26 : libxml2: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
56429Mandriva Linux Security Advisory : libxml2 (MDVSA-2011:145)NessusMandriva Local Security Checks
high
800955Google Chrome < 14.0.835.163 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6024Google Chrome < 14.0.835.163 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
56230Google Chrome < 14.0.835.163 Multiple VulnerabilitiesNessusWindows
high
51069FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)NessusFreeBSD Local Security Checks
critical