CVE-2011-0216 — Heap-based Buffer Overflow in Apple Safari

CWE-189 CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

9.3CRITICALNVD

EPSS

4.0%

top 11.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Debian Libxml2 Apple Safari

Timeline

PublishedJul 21

Latest updateMay 17

Description

Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDapple/safari5.0.5+55

▶debiandebian/libxml2< libxml2 2.7.8.dfsg-5.1 (bookworm)

▶Debianxmlsoft/libxml2< 2.7.8.dfsg-5.1+3

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-rm98-6q39-jh4q: Off-by-one error in libxml in Apple Safari before 5↗2022-05-17

▶

OSV

CVE-2011-0216: Off-by-one error in libxml in Apple Safari before 5↗2011-07-21

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2012-01-19

▶

Red Hat

libxml2: Off-by-one error leading to heap-based buffer overflow in encoding↗2011-07-20

▶

Debian

CVE-2011-0216: libxml2 - Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers ...↗2011

▶

💬Community

Bugzilla

CVE-2011-0216 CVE-2011-3905 CVE-2011-3919 mingw32-libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]↗2011-11-22

▶

Bugzilla

CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]↗2011-11-22

▶

Bugzilla

CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding↗2011-07-22

▶