MEDIUM
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660846
http://git.gnome.org/browse/libxml2/commit/?id=8973d58b7498fa5100a876815476b81fd1a2412a
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
http://rhn.redhat.com/errata/RHSA-2012-0324.html
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://secunia.com/advisories/54886
http://secunia.com/advisories/55568
http://securitytracker.com/id?1026723
http://support.apple.com/kb/HT5934
http://support.apple.com/kb/HT6001
http://www.debian.org/security/2012/dsa-2417
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.openwall.com/lists/oss-security/2012/02/22/1
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.securityfocus.com/bid/52107
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0841_denial_of
OR
cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.21:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.24:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.25:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* versions up to 2.7.8 (inclusive)
OR
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.0.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:6.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 6.1.4 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
89038 | VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2012-0013) (remote check) | Nessus | Misc. | high |
89037 | VMware ESX / ESXi libxml2 Multiple Vulnerabilities (VMSA-2012-0012) (remote check) | Nessus | Misc. | high |
83599 | SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1) | Nessus | SuSE Local Security Checks | high |
80957 | Juniper Junos libxml2 Library Multiple Vulnerabilities (JSA10669) | Nessus | Junos Local Security Checks | high |
80688 | Oracle Solaris Third-Party Patch Update : libxml2 (cve_2011_0216_denial_of) | Nessus | Solaris Local Security Checks | high |
75938 | openSUSE Security Update : libxml2 (openSUSE-SU-2012:0342-1) | Nessus | SuSE Local Security Checks | medium |
74577 | openSUSE Security Update : libxml2 (openSUSE-SU-2012:0421-1) | Nessus | SuSE Local Security Checks | medium |
72105 | Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
72104 | Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |
70884 | ESXi 5.0 < Build 764879 Multiple Vulnerabilities (remote check) | Nessus | Misc. | high |
70589 | Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | high |
70588 | Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | high |
70257 | Apple TV < 6.0 Multiple Vulnerabilities | Nessus | Misc. | high |
69984 | Apple iOS < 7 Multiple Vulnerabilities | Nessus | Mobile Devices | high |
69659 | Amazon Linux AMI : libxml2 (ALAS-2012-52) | Nessus | Amazon Linux Local Security Checks | medium |
68721 | Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217) | Nessus | Oracle Linux Local Security Checks | high |
68489 | Oracle Linux 5 / 6 : libxml2 (ELSA-2012-0324) | Nessus | Oracle Linux Local Security Checks | medium |
64425 | Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131) | Nessus | Scientific Linux Local Security Checks | high |
64391 | RHEL 6 : mingw32-libxml2 (RHSA-2013:0217) | Nessus | Red Hat Local Security Checks | high |
64384 | CentOS 6 : mingw32-libxml2 (CESA-2013:0217) | Nessus | CentOS Local Security Checks | high |
8095 | iTunes for Windows < 11.1.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
64203 | SuSE 11.1 Security Update : libxml2 (SAT Patch Number 5869) | Nessus | SuSE Local Security Checks | medium |
62324 | Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824) | Nessus | Fedora Local Security Checks | high |
62323 | Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820) | Nessus | Fedora Local Security Checks | high |
61747 | VMSA-2012-0013 : VMware vSphere and vCOps updates to third-party libraries | Nessus | VMware ESX Local Security Checks | high |
61268 | Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20120221) | Nessus | Scientific Linux Local Security Checks | medium |
59966 | VMSA-2012-0012 : VMware ESXi update to third-party library | Nessus | VMware ESX Local Security Checks | high |
59163 | SuSE 10 Security Update : libxml2 (ZYPP Patch Number 7997) | Nessus | SuSE Local Security Checks | medium |
58214 | GLSA-201203-04 : libxml2: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
58145 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libxml2 vulnerability (USN-1376-1) | Nessus | Ubuntu Local Security Checks | medium |
58097 | Debian DSA-2417-1 : libxml2 - computational denial of service | Nessus | Debian Local Security Checks | medium |
58096 | CentOS 6 : libxml2 (CESA-2012:0324) | Nessus | CentOS Local Security Checks | medium |
58086 | RHEL 5 / 6 : libxml2 (RHSA-2012:0324) | Nessus | Red Hat Local Security Checks | medium |
8013 | Apple iOS < 7.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |