CVE-2011-2821
published 2011-08-29CVE-2011-2821: Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have…
PriorityP428high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.99%
78.2th percentile
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | < 6.0 | 6.0 |
| apple | mac_os_x | < 10.7.4 | 10.7.4 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.7.8.dfsg-5 (bookworm) | libxml2 2.7.8.dfsg-5 (bookworm) |
| chrome | < 13.0.782.215 | 13.0.782.215 | |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-5 | 2.7.8.dfsg-5 |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-5 | 2.7.8.dfsg-5 |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-5 | 2.7.8.dfsg-5 |
| xmlsoft | libxml2 | >= 0 < 2.7.8.dfsg-5 | 2.7.8.dfsg-5 |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_ubuntu9.3CRITICAL
vendor_debian7.5LOW
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mx3h-88ww-4mqq: Double free vulnerability in libxml2, as used in Google Chrome before 13
ghsa_unreviewed·2022-05-13
CVE-2011-2821 [HIGH] CWE-415 GHSA-mx3h-88ww-4mqq: Double free vulnerability in libxml2, as used in Google Chrome before 13
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
OSV
CVE-2011-2821: Double free vulnerability in libxml2, as used in Google Chrome before 13
osv·2011-08-29·CVSS 7.5
CVE-2011-2821 [HIGH] CVE-2011-2821: Double free vulnerability in libxml2, as used in Google Chrome before 13
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2012-01-19·CVSS 9.3
CVE-2011-0216 [CRITICAL] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Applications using libxml2 could be made to crash or run programs as your
login if they opened a specially crafted file.
It was discovered that libxml2 contained an off by one error. If a user or
application linked against libxml2 were tricked into opening a specially
crafted XML file, an attacker could cause the application to crash or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2011-0216)
It was discovered that libxml2 is vulnerable to double-free conditions
when parsing certain XML documents. This could allow a remote attacker to
cause a denial of service. (CVE-2011-2821, CVE-2011-2834)
It was discovered that libxml2 did not properly detect end of file when
parsing certain XML documents. An attack
Red Hat
libxml2: double free caused by malformed XPath expression in XSLT
vendor_redhat·2011-08-22·CVSS 7.5
CVE-2011-2821 [HIGH] CWE-672 libxml2: double free caused by malformed XPath expression in XSLT
libxml2: double free caused by malformed XPath expression in XSLT
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
Statement: This issue does not affect the version of libxml2 package as shipped with Red Hat Enterprise Linux 4 and 5.
Package: libxml2 (Red Hat Enterprise Linux 4) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-2821: libxml2 - Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.2...
vendor_debian·2011·CVSS 7.5
CVE-2011-2821 [HIGH] CVE-2011-2821: libxml2 - Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.2...
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
Scope: local
bookworm: resolved (fixed in 2.7.8.dfsg-5)
bullseye: resolved (fixed in 2.7.8.dfsg-5)
forky: resolved (fixed in 2.7.8.dfsg-5)
sid: resolved (fixed in 2.7.8.dfsg-5)
trixie: resolved (fixed in 2.7.8.dfsg-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
bugzilla·2011-09-05·CVSS 7.5
CVE-2011-2821 [HIGH] CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-2821 to the following vulnerability.
Name: CVE-2011-2821
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2821
Reference: CONFIRM:http://code.google.com/p/chromium/issues/detail?id=89402
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html
Double free vulnerability in libxml2, as used in Google Chrome before
13.0.782.215, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via a crafted XPath expression.
Discussion:
Upstream patch:
http://git.gnome.org/browse/libxml2/commit/?id=f5048b3e71fc30ad096970b8df6e7af073bae4cb
---
Created libxml2 t
Bugzilla
CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT [fedora-all]
bugzilla·2011-09-05·CVSS 7.5
CVE-2011-2821 [HIGH] CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT [fedora-all]
CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=735712
Please note: this issu
http://code.google.com/p/chromium/issues/detail?id=89402http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041http://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00003.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0217.htmlhttp://support.apple.com/kb/HT5281http://support.apple.com/kb/HT5503http://www.debian.org/security/2012/dsa-2394http://www.mandriva.com/security/advisories?name=MDVSA-2011:145http://www.redhat.com/support/errata/RHSA-2011-1749.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840http://code.google.com/p/chromium/issues/detail?id=89402http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.htmlhttp://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041http://lists.apple.com/archives/security-announce/2012/May/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00003.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0217.htmlhttp://support.apple.com/kb/HT5281http://support.apple.com/kb/HT5503http://www.debian.org/security/2012/dsa-2394http://www.mandriva.com/security/advisories?name=MDVSA-2011:145http://www.redhat.com/support/errata/RHSA-2011-1749.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840
2011-08-29
Published