CVE-2011-3919

HIGH

Description

Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

References

http://code.google.com/p/chromium/issues/detail?id=107128

http://googlechromereleases.blogspot.com/2012/01/stable-channel-update.html

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://secunia.com/advisories/47449

http://secunia.com/advisories/55568

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5503

http://www.debian.org/security/2012/dsa-2394

http://www.mandriva.com/security/advisories?name=MDVSA-2012:005

http://www.securityfocus.com/bid/51300

http://www.securitytracker.com/id?1026487

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14504

Details

Source: MITRE

Published: 2012-01-07

Updated: 2020-05-07

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (48 total)

IDNameProductFamilySeverity
89109VMware ESX Service Console Multiple Vulnerabilities (VMSA-2012-0008) (remote check)NessusMisc.
critical
89037VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check)NessusMisc.
high
83599SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1)NessusSuSE Local Security Checks
high
80688Oracle Solaris Third-Party Patch Update : libxml2 (cve_2011_0216_denial_of)NessusSolaris Local Security Checks
high
79283RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)NessusRed Hat Local Security Checks
high
75937openSUSE Security Update : libxml2 (openSUSE-SU-2012:0107-1)NessusSuSE Local Security Checks
high
75636openSUSE Security Update : libxml2 (openSUSE-SU-2012:0107-1)NessusSuSE Local Security Checks
high
74543openSUSE Security Update : chromium / v8 (openSUSE-2012-107)NessusSuSE Local Security Checks
high
70884ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check)NessusMisc.
high
69643Amazon Linux AMI : libxml2 (ALAS-2012-36)NessusAmazon Linux Local Security Checks
high
68721Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217)NessusOracle Linux Local Security Checks
high
68430Oracle Linux 6 : libxml2 (ELSA-2012-0018)NessusOracle Linux Local Security Checks
high
68429Oracle Linux 5 : libxml2 (ELSA-2012-0017)NessusOracle Linux Local Security Checks
high
68428Oracle Linux 4 : libxml2 (ELSA-2012-0016)NessusOracle Linux Local Security Checks
high
64425Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131)NessusScientific Linux Local Security Checks
high
64391RHEL 6 : mingw32-libxml2 (RHSA-2013:0217)NessusRed Hat Local Security Checks
high
64384CentOS 6 : mingw32-libxml2 (CESA-2013:0217)NessusCentOS Local Security Checks
high
64026RHEL 5 : libxml2 (RHSA-2012:0104)NessusRed Hat Local Security Checks
high
62357Apple TV < 5.1 Multiple VulnerabilitiesNessusGain a shell remotely
high
62324Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824)NessusFedora Local Security Checks
high
62323Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820)NessusFedora Local Security Checks
high
6589Apple iOS < 6.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
62242Apple iOS < 6.0 Multiple VulnerabilitiesNessusMobile Devices
critical
61218Scientific Linux Security Update : libxml2 on SL6.x i386/x86_64 (20120111)NessusScientific Linux Local Security Checks
high
61217Scientific Linux Security Update : libxml2 on SL5.x i386/x86_64 (20120111)NessusScientific Linux Local Security Checks
high
61216Scientific Linux Security Update : libxml2 on SL4.x i386/x86_64 (20120111)NessusScientific Linux Local Security Checks
high
59966VMSA-2012-0012 : VMware ESXi update to third-party libraryNessusVMware ESX Local Security Checks
high
6482Mac OS X 10.7 < 10.7.4 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
59067Mac OS X Multiple Vulnerabilities (Security Update 2012-002) (BEAST)NessusMacOS X Local Security Checks
critical
59066Mac OS X 10.7.x < 10.7.4 Multiple Vulnerabilities (BEAST)NessusMacOS X Local Security Checks
critical
58903VMSA-2012-0008 : VMware ESX updates to ESX Service ConsoleNessusVMware ESX Local Security Checks
high
58175GLSA-201202-09 : libxml2: User-assisted execution of arbitrary codeNessusGentoo Local Security Checks
high
58137FreeBSD : libxml2 -- heap buffer overflow (57f1a624-6197-11e1-b98c-bcaec565249c)NessusFreeBSD Local Security Checks
high
57702Debian DSA-2394-1 : libxml2 - several vulnerabilitiesNessusDebian Local Security Checks
high
57684SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7929)NessusSuSE Local Security Checks
high
57682SuSE 11.1 Security Update : libxml2 (SAT Patch Number 5654)NessusSuSE Local Security Checks
high
57615Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libxml2 vulnerabilities (USN-1334-1)NessusUbuntu Local Security Checks
high
57567Mandriva Linux Security Advisory : libxml2 (MDVSA-2012:005)NessusMandriva Local Security Checks
high
57562CentOS 6 : libxml2 (CESA-2012:0018)NessusCentOS Local Security Checks
high
57493RHEL 6 : libxml2 (RHSA-2012:0018)NessusRed Hat Local Security Checks
high
57492RHEL 5 : libxml2 (RHSA-2012:0017)NessusRed Hat Local Security Checks
high
57491RHEL 4 : libxml2 (RHSA-2012:0016)NessusRed Hat Local Security Checks
high
57487CentOS 5 : libxml2 (CESA-2012:0017)NessusCentOS Local Security Checks
high
57486CentOS 4 : libxml2 (CESA-2012:0016)NessusCentOS Local Security Checks
high
800946Google Chrome < 16.0.912.75 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
6262Google Chrome < 16.0.912.75 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
57468Google Chrome < 16.0.912.75 Multiple VulnerabilitiesNessusWindows
high
57454FreeBSD : chromium -- multiple vulnerabilities (1a1aef8e-3894-11e1-8b5c-00262d5ed8ee)NessusFreeBSD Local Security Checks
high