CVE-2011-3102 — Out-of-bounds Write in Libxml2

CWE-189 CWE-787 — Out-of-bounds Write12 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

2.0%

top 16.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Debian Libxml2 Apple Iphone OS +8 more

Timeline

PublishedMay 16

Latest updateMay 14

Description

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages11 packages

▶NVDgoogle/chrome19.0.1084.45

▶debiandebian/libxml2< libxml2 2.7.8.dfsg-9.1 (bookworm)

▶Debianxmlsoft/libxml2< 2.7.8.dfsg-9.1+3

▶NVDapple/iphone_os6.1.4+47

▶vmwarevmware/esxi

🔴Vulnerability Details

GHSA

GHSA-qr4v-5qvh-34j2: Off-by-one error in libxml2, as used in Google Chrome before 19↗2022-05-14

▶

OSV

CVE-2011-3102: Off-by-one error in libxml2, as used in Google Chrome before 19↗2012-05-16

▶

📋Vendor Advisories

VMware

VMware vSphere security updates for the authentication service and third party libraries↗2013-01-31

▶

VMware

VMware security updates for vCSA, vCenter Server, and ESXi↗2012-12-20

▶

Ubuntu

libxml2 vulnerability↗2012-05-21

▶

Red Hat

libxml: An off-by-one out-of-bounds write by XPointer part evaluation↗2012-05-15

▶

Debian

CVE-2011-3102: libxml2 - Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and ot...↗2011

▶

💬Community

Bugzilla

CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [fedora-all]↗2012-09-20

▶

Bugzilla

CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [epel-5]↗2012-09-20

▶

Bugzilla

CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation [fedora-all]↗2012-05-16

▶

Bugzilla

CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation↗2012-05-16

▶