Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2011-1944
Severity
9.3CRITICAL
EPSS
23.7%
top 4.00%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedSep 2
Latest updateMay 17
Description
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages3 packages
Patches
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets↗2011-06-01
Bugzilla▶
CVE-2011-1944 libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]↗2011-06-01
Bugzilla▶
CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]↗2011-06-01