CVE-2011-3905 — Out-of-bounds Read in Google Chrome

CWE-125 — Out-of-bounds Read10 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.2%

top 20.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Google Chrome Debian Libxml2 +5 more

Timeline

PublishedDec 13

Latest updateMay 13

Description

libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDgoogle/chrome< 16.0.912.63

▶debiandebian/libxml2< libxml2 2.7.8.dfsg-5.1 (bookworm)

▶Debianxmlsoft/libxml2< 2.7.8.dfsg-5.1+3

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

Also affects: Debian Linux 5.0, 6.0, 7.0, Enterprise Linux 6.3

🔴Vulnerability Details

GHSA

GHSA-g3p8-rpgj-m5cf: libxml2, as used in Google Chrome before 16↗2022-05-13

▶

OSV

CVE-2011-3905: libxml2, as used in Google Chrome before 16↗2011-12-13

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2012-01-19

▶

Red Hat

libxml2 out of bounds read↗2011-12-13

▶

Debian

CVE-2011-3905: libxml2 - libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to...↗2011

▶

💬Community

Bugzilla

CVE-2011-3919 CVE-2011-3905 CVE-2011-2834 libxml2 various flaws [fedora-all]↗2012-01-06

▶

Bugzilla

CVE-2011-3905 libxml2 out of bounds read↗2011-12-13

▶

Bugzilla

CVE-2011-0216 CVE-2011-3905 CVE-2011-3919 mingw32-libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]↗2011-11-22

▶

Bugzilla

CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]↗2011-11-22

▶