CVE-2011-1944

Published: 27 May 2011
Source: redhat
CVSS2: 5.1
EPSS: Medium

Description

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | libxml2 | Will not fix | | |
| Red Hat Enterprise Linux 5 | libxml2 | Fixed | RHSA-2012:0017 | 11.01.2012 |
| Red Hat Enterprise Linux 6 | libxml2 | Fixed | RHSA-2011:1749 | 05.12.2011 |
| Red Hat Enterprise Linux 6 | mingw32-libxml2 | Fixed | RHSA-2013:0217 | 31.01.2013 |

Additional information

Status: Low
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=709747
libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets

EPSS

Percentile: 95%
0.17548
Medium

CVSS2: 5.1 Medium

Related vulnerabilities

ubuntu
almost 14 years ago

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

nvd
almost 14 years ago

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

debian
almost 14 years ago

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...

github
about 3 years ago

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

fstec
almost 14 years ago

Vulnerabilities in the Gentoo Linux operating system that allow a remote attacker to compromise the confidentiality, integrity and availability of protected information
