Vulnerabilities > CVE-2011-3102 - Numeric Errors vulnerability in Google Chrome
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-320.NASL description specially crafted xpath statements could cause an out of bounds memory write last seen 2020-06-05 modified 2014-06-13 plugin id 74650 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74650 title openSUSE Security Update : libxml2 (openSUSE-SU-2012:0731-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-320. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74650); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-3102"); script_name(english:"openSUSE Security Update : libxml2 (openSUSE-SU-2012:0731-1)"); script_summary(english:"Check for the openSUSE-2012-320 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "specially crafted xpath statements could cause an out of bounds memory write" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=764538" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-06/msg00011.html" ); script_set_attribute( attribute:"solution", value:"Update the affected libxml2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libxml2-devel-32bit"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/15"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-2.7.8+git20110708-3.8.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-debuginfo-2.7.8+git20110708-3.8.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-debugsource-2.7.8+git20110708-3.8.1") ) flag++; if ( rpm_check(release:"SUSE12.1", reference:"libxml2-devel-2.7.8+git20110708-3.8.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxml2-32bit-2.7.8+git20110708-3.8.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxml2-debuginfo-32bit-2.7.8+git20110708-3.8.1") ) flag++; if ( rpm_check(release:"SUSE12.1", cpu:"x86_64", reference:"libxml2-devel-32bit-2.7.8+git20110708-3.8.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2 / libxml2-32bit / libxml2-debuginfo / etc"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B8AE4659A0DA11E1A294BCAEC565249C.NASL description Google chrome team reports : An off-by-one out-of-bounds write flaw was found in the way libxml, a library for providing XML and HTML support, evaluated certain XPointer parts (XPointer is used by libxml to include only the part from the returned XML document, that can be accessed using the XPath expression given with the XPointer). A remote attacker could provide a specially crafted XML file, which once opened in an application, linked against libxml, would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. Note: The flaw to be exploited requires the particular application, linked against libxml, to use the XPointer evaluation functionality. last seen 2020-06-01 modified 2020-06-02 plugin id 59207 published 2012-05-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59207 title FreeBSD : libxml2 -- An off-by-one out-of-bounds write by XPointer (b8ae4659-a0da-11e1-a294-bcaec565249c) NASL family Misc. NASL id VMWARE_ESX_VMSA-2013-0001_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Authentication Service - bind - libxml2 - libxslt last seen 2020-06-01 modified 2020-06-02 plugin id 89661 published 2016-03-04 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89661 title VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0217.NASL description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 64391 published 2013-02-01 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64391 title RHEL 6 : mingw32-libxml2 (RHSA-2013:0217) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2479.NASL description Jueri Aedla discovered an off-by-one in libxml2, which could result in the execution of arbitrary code. last seen 2020-03-17 modified 2012-05-24 plugin id 59251 published 2012-05-24 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59251 title Debian DSA-2479-1 : libxml2 - off-by-one NASL family Scientific Linux Local Security Checks NASL id SL_20130131_MINGW32_LIBXML2_ON_SL6_X.NASL description IMPORTANT NOTE: The mingw32 packages in Scientific Linux 6 will no longer be updated proactively and will be deprecated with the release of Scientific Linux 6.4. These packages were provided to support other capabilities in Scientific Linux and were not intended for direct use. You are advised to not use these packages with immediate effect. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) last seen 2020-03-18 modified 2013-02-04 plugin id 64425 published 2013-02-04 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64425 title Scientific Linux Security Update : mingw32-libxml2 on SL6.x (x86_64) (20130131) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-098.NASL description A vulnerability has been discovered and corrected in libxml2 : An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 59652 published 2012-06-22 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59652 title Mandriva Linux Security Advisory : libxml2 (MDVSA-2012:098) NASL family Fedora Local Security Checks NASL id FEDORA_2012-13824.NASL description lot of security bug fixes Lots of security patches Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-09-27 plugin id 62324 published 2012-09-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62324 title Fedora 16 : libxml2-2.7.8-8.fc16 (2012-13824) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1325.NASL description An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager. To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 78935 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78935 title RHEL 6 : rhev-hypervisor6 (RHSA-2012:1325) NASL family Solaris Local Security Checks NASL id SOLARIS11_LIBXML2_20121120.NASL description The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. (CVE-2011-0216) - Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. (CVE-2011-2821) - Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. (CVE-2011-2834) - Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. (CVE-2011-3102) - libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. (CVE-2011-3905) - Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. (CVE-2011-3919) - libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. (CVE-2012-0841) last seen 2020-06-01 modified 2020-06-02 plugin id 80688 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80688 title Oracle Solaris Third-Party Patch Update : libxml2 (cve_2011_0216_denial_of) NASL family Windows NASL id ITUNES_11_1_4.NASL description The version of Apple iTunes installed on the remote Windows host is older than 11.1.4. It is, therefore, potentially affected by several issues : - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 72104 published 2014-01-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72104 title Apple iTunes < 11.1.4 Multiple Vulnerabilities (credentialed check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1324.NASL description An updated rhev-hypervisor5 package that fixes one security issue and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way socket buffers (skb) requiring TSO (TCP segment offloading) were handled by the sfc driver. If the skb did not fit within the minimum-size of the transmission queue, the network card could repeatedly reset itself. A remote attacker could use this flaw to cause a denial of service. (CVE-2012-3412) Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2012-4244 (bind issue) CVE-2012-2319, CVE-2012-3430, and CVE-2012-3510 (kernel issues) CVE-2011-3102, CVE-2012-0841, and CVE-2012-2807 (libxml2 issues) Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78934 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78934 title RHEL 5 : rhev-hypervisor5 (RHSA-2012:1324) NASL family Misc. NASL id VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and last seen 2020-06-01 modified 2020-06-02 plugin id 70886 published 2013-11-13 reporter This script is (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70886 title ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check) NASL family Scientific Linux Local Security Checks NASL id SL_20120918_LIBXML2_ON_SL5_X.NASL description The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-03-18 modified 2012-09-19 plugin id 62197 published 2012-09-19 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62197 title Scientific Linux Security Update : libxml2 on SL5.x, SL6.x i386/x86_64 (20120918) NASL family SuSE Local Security Checks NASL id SUSE_LIBXML2-8156.NASL description Specially crafted XML could have caused a denial of service via an out-of-bounds write (application crash) to applications that are linked against libxml2 (CVE-2011-3102). This has been fixed. last seen 2020-06-05 modified 2012-06-27 plugin id 59722 published 2012-06-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59722 title SuSE 10 Security Update : libxml2 (ZYPP Patch Number 8156) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-056.NASL description Multiple vulnerabilities was found and corrected in libxml2 : A heap-buffer overflow was found in the way libxml2 decoded certain XML entitites. A remote attacker could provide a specially crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-5134). A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption (CVE-2013-0338). An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 66070 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/66070 title Mandriva Linux Security Advisory : libxml2 (MDVSA-2013:056) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2012-1288.NASL description Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 62206 published 2012-09-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62206 title CentOS 5 / 6 : libxml2 (CESA-2012:1288) NASL family Misc. NASL id VMWARE_ESXI_5_0_BUILD_1022489_REMOTE.NASL description The remote VMware ESXi 5.0 host is affected by the following vulnerabilities : - An off-by-one overflow condition exists in the xmlXPtrEvalXPtrPart() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2011-3102) - Multiple integer overflow conditions exist due to improper validation of user-supplied input when handling overly long strings. An unauthenticated, remote attacker can exploit this, via a specially crafted XML file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-2807) - A heap-based underflow condition exists in the bundled libxml2 library due to incorrect parsing of strings not containing an expected space. A remote attacker can exploit this, via a specially crafted XML document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2012-5134) - A privilege escalation vulnerability exists due to improper handling of control code in the lgtosync.sys driver. A local attacker can exploit this escalate privileges on Windows-based 32-bit guest operating systems. (CVE-2013-3519) last seen 2020-06-01 modified 2020-06-02 plugin id 70877 published 2013-11-13 reporter This script is (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70877 title ESXi 5.0 < Build 1022489 Multiple Vulnerabilities (remote check) NASL family Windows NASL id GOOGLE_CHROME_19_0_1084_46.NASL description The version of Google Chrome installed on the remote host is earlier than 19.0.1084.46 and is, therefore, affected by the following vulnerabilities : - Video content with FTP can cause crashes. (CVE-2011-3083) - Internal links are not loaded in their own process. (CVE-2011-3084) - Lengthy auto-filled values can corrupt the user interface. (CVE-2011-3085) - Use-after free errors exist related to style elements, table handling, indexed DBs, GTK last seen 2020-06-01 modified 2020-06-02 plugin id 59117 published 2012-05-16 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59117 title Google Chrome < 19.0.1084.46 Multiple Vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2012-13820.NASL description Lot of security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-09-27 plugin id 62323 published 2012-09-27 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62323 title Fedora 17 : libxml2-2.7.8-9.fc17 (2012-13820) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2013-0001.NASL description a. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. b. Update to ESX/ESXi libxml2 userworld and service console The ESX/ESXi userworld libxml2 library has been updated to resolve multiple security issues. Also, the ESX service console libxml2 packages are updated to the following versions : libxml2-2.6.26-2.1.15.el5_8.5 libxml2-python-2.6.26-2.1.15.el5_8.5 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3102 and CVE-2012-2807 to these issues. c. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4244 to this issue. d. Update to ESX service console libxslt package The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64642 published 2013-02-16 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64642 title VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-1288.NASL description From Red Hat Security Advisory 2012:1288 : Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 68629 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68629 title Oracle Linux 5 / 6 : libxml2 (ELSA-2012-1288) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2012-134.NASL description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) last seen 2020-06-01 modified 2020-06-02 plugin id 69624 published 2013-09-04 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69624 title Amazon Linux AMI : libxml2 (ALAS-2012-134) NASL family Peer-To-Peer File Sharing NASL id ITUNES_11_1_2_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 11.1.2. It is, therefore, affected by multiple vulnerabilities : - An uninitialized memory access error exists in the handling of text tracks. By using a specially crafted movie file, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2013-1024) - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 70589 published 2013-10-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70589 title Apple iTunes < 11.1.2 Multiple Vulnerabilities (uncredentialed check) NASL family Windows NASL id ITUNES_11_1_2.NASL description The version of Apple iTunes installed on the remote Windows host is older than 11.1.2. It is, therefore, potentially affected by several issues : - An uninitialized memory access issue exists in the handling of text tracks, which could lead to memory corruption and possibly arbitrary code execution. (CVE-2013-1024) - The included versions of WebKit, libxml, and libxslt contain several errors that could lead to memory corruption and possibly arbitrary code execution. The vendor notes that one possible attack vector is a man-in-the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 70588 published 2013-10-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70588 title Apple iTunes < 11.1.2 Multiple Vulnerabilities (credentialed check) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201207-02.NASL description The remote host is affected by the vulnerability described in GLSA-201207-02 (libxml2: User-assisted execution of arbitrary code) The last seen 2020-06-01 modified 2020-06-02 plugin id 59894 published 2012-07-10 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59894 title GLSA-201207-02 : libxml2: User-assisted execution of arbitrary code NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-1627-1.NASL description libxml2 has been updated to fix the following security issue : - CVE-2013-0338: libxml2 allowed context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka last seen 2020-06-05 modified 2015-05-20 plugin id 83599 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83599 title SUSE SLES10 Security Update : libxml2 (SUSE-SU-2013:1627-1) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBXML2-120530.NASL description Specially crafted XML could have caused a denial of service via an out-of-bounds write (application crash) to applications that are linked against libxml2 (CVE-2011-3102). This has been fixed. last seen 2020-06-05 modified 2013-01-25 plugin id 64204 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64204 title SuSE 11.1 Security Update : libxml2 (SAT Patch Number 6365) NASL family Misc. NASL id APPLETV_6_0.NASL description According to its banner, the remote Apple TV 2nd generation or later device is prior to 6.0. It is, therefore, reportedly affected by multiple vulnerabilities, the most serious issues of which could result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 70257 published 2013-10-01 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70257 title Apple TV < 6.0 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-1288.NASL description Updated libxml2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The libxml2 library is a development toolbox providing the implementation of various XML standards. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way libxml2 handled documents that enable entity expansion. A remote attacker could provide a large, specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2807) A one byte buffer overflow was found in the way libxml2 evaluated certain parts of XML Pointer Language (XPointer) expressions. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3102) All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 62195 published 2012-09-19 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62195 title RHEL 5 / 6 : libxml2 (RHSA-2012:1288) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0217.NASL description From Red Hat Security Advisory 2013:0217 : Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 68721 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68721 title Oracle Linux 6 : mingw32-libxml2 (ELSA-2013-0217) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0217.NASL description Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 64384 published 2013-02-01 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64384 title CentOS 6 : mingw32-libxml2 (CESA-2013:0217) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-295.NASL description Chromium update to 21.0.1145 - Fixed several issues around audio not playing with videos - Crash Fixes - Improvements to trackpad on Cr-48 - Security Fixes (bnc#762481) - CVE-2011-3083: Browser crash with video + FTP - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI corruption with long autofilled values - CVE-2011-3086: Use-after-free with style element. - CVE-2011-3087: Incorrect window navigation - CVE-2011-3088: Out-of-bounds read in hairline drawing - CVE-2011-3089: Use-after-free in table handling. - CVE-2011-3090: Race condition with workers. - CVE-2011-3091: Use-after-free with indexed DB - CVE-2011-3092: Invalid write in v8 regex - CVE-2011-3093: Out-of-bounds read in glyph handling - CVE-2011-3094: Out-of-bounds read in Tibetan handling - CVE-2011-3095: Out-of-bounds write in OGG container. - CVE-2011-3096: Use-after-free in GTK omnibox handling. - CVE-2011-3098: Bad search path for Windows Media Player plug-in - CVE-2011-3100: Out-of-bounds read drawing dash paths. - CVE-2011-3101: Work around Linux Nvidia driver bug - CVE-2011-3102: Off-by-one out-of-bounds write in libxml. last seen 2020-06-05 modified 2014-06-13 plugin id 74634 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74634 title openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0656-1) NASL family Peer-To-Peer File Sharing NASL id ITUNES_11_1_4_BANNER.NASL description The version of Apple iTunes on the remote host is prior to version 11.1.4. It is, therefore, affected by multiple vulnerabilities : - The included versions of the WebKit, libxml, and libxslt components in iTunes contain several errors that can lead to memory corruption and arbitrary code execution. The vendor states that one possible vector is a man-in- the-middle attack while the application browses the last seen 2020-06-01 modified 2020-06-02 plugin id 72105 published 2014-01-23 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72105 title Apple iTunes < 11.1.4 Multiple Vulnerabilities (uncredentialed check) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1447-1.NASL description Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 59225 published 2012-05-22 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59225 title Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libxml2 vulnerability (USN-1447-1)
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://code.google.com/p/chromium/issues/detail?id=125462
- http://googlechromereleases.blogspot.com/2012/05/stable-channel-update.html
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
- http://rhn.redhat.com/errata/RHSA-2013-0217.html
- http://secunia.com/advisories/49243
- http://secunia.com/advisories/50658
- http://secunia.com/advisories/54886
- http://secunia.com/advisories/55568
- http://support.apple.com/kb/HT5934
- http://support.apple.com/kb/HT6001
- http://www.debian.org/security/2012/dsa-2479
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:098
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
- http://www.securityfocus.com/bid/53540
- http://www.securitytracker.com/id?1027067
- http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75607
- https://lists.opensuse.org/opensuse-updates/2012-06/msg00011.html