CVE-2011-1944
Published: 2011-09-02
Priority: P358 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 13.73% (96.0th percentile)
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Affected
66 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.7.8.dfsg-3 (bookworm) | libxml2 2.7.8.dfsg-3 (bookworm) |
| oracle | fusion_middleware | — | — |
| xmlsoft | libxml | <= 1.8.16 | — |
| xmlsoft | libxml | — | — |
CVSS provenance
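| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | CRITICAL | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |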
GHSA
GHSA-447f-hj4w-5xch: Integer overflow in xpath
ghsa_unreviewed·2022-05-17
CVE-2011-1944 [HIGH] GHSA-447f-hj4w-5xch: Integer overflow in xpath
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
GHSA
GHSA-88pc-jqmf-2v4j: Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2014-6571 [CRITICAL] GHSA-88pc-jqmf-2v4j: Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2011-1944.
OSV
CVE-2011-1944: Integer overflow in xpath
osv·2011-09-02·CVSS 9.3
CVE-2011-1944 [CRITICAL] CVE-2011-1944: Integer overflow in xpath
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Ubuntu
libxml2 vulnerability
vendor_ubuntu·2011-06-16
CVE-2011-1944 libxml2 vulnerability
Title: libxml2 vulnerability
Summary: libxml2 could be made to crash or run programs as your login if it opened a
specially crafted file.
Chris Evans discovered that libxml2 incorrectly handled memory allocation.
If an application using libxml2 opened a specially crafted XML file, an
attacker could cause a denial of service or possibly execute code as the
user invoking the program.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Red Hat
libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
vendor_redhat·2011-05-27·CVSS 9.3
CVE-2011-1944 [CRITICAL] CWE-122 libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Package: libxml2 (Red Hat Enterprise Linux 4) - Will not fix
Debian
CVE-2011-1944: libxml2 - Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2....
vendor_debian·2011·CVSS 9.3
CVE-2011-1944 [CRITICAL] CVE-2011-1944: libxml2 - Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2....
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
Scope: local
bookworm: resolved (fixed in 2.7.8.dfsg-3)
bullseye: resolved (fixed in 2.7.8.dfsg-3)
forky: resolved (fixed in 2.7.8.dfsg-3)
sid: resolved (fixed in 2.7.8.dfsg-3)
trixie: resolved (fixed in 2.7.8.dfsg-3)
No detection rules found.
Bugzilla
CVE-2011-0216 CVE-2011-3905 CVE-2011-3919 mingw32-libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]
bugzilla·2011-11-22·CVSS 9.3
CVE-2011-0216 [CRITICAL] CVE-2011-0216 CVE-2011-3905 CVE-2011-3919 mingw32-libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission li
Bugzilla
CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]
bugzilla·2011-11-22·CVSS 9.3
CVE-2011-0216 [CRITICAL] CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/
Bugzilla
CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
bugzilla·2011-06-01·CVSS 9.3
CVE-2011-1944 [CRITICAL] CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
An integer overflow, leading to heap-based buffer overflow was found
in the way libxml, XML files manipulation library, processed certain
XPath expressions. A remote attacker could provide a specially-crafted
XML file, which once opened in an application linked against libxml
would cause that application to crash, or, potentially, execute arbitrary
code with the privileges of the user running the application.
References:
[1] http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
[2] http://www.openwall.com/lists/oss-security/2011/05/31/5
[3] http://www.openwall.com/lists/oss-security/2011/05/31/8
Upstream patch:
[4] http://gi
Bugzilla
CVE-2011-1944 libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]
bugzilla·2011-06-01·CVSS 9.3
CVE-2011-1944 [CRITICAL] CVE-2011-1944 libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=se
Bugzilla
CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]
bugzilla·2011-06-01·CVSS 9.3
CVE-2011-1944 [CRITICAL] CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?
http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html
http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html
http://rhn.redhat.com/errata/RHSA-2013-0217.html
http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
http://secunia.com/advisories/44711
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5503
http://ubuntu.com/usn/usn-1153-1
http://www.debian.org/security/2011/dsa-2255
http://www.mandriva.com/security/advisories?name=MDVSA-2011:131
http://www.openwall.com/lists/oss-security/2011/05/31/8
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.osvdb.org/73248
http://www.redhat.com/support/errata/RHSA-2011-1749.html
http://www.securityfocus.com/bid/48056
https://bugzilla.redhat.com/show_bug.cgi?id=709747