CVE-2012-2807
published 2012-06-27CVE-2012-2807: Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to…
PriorityP425medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.58%
72.5th percentile
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Affected
103 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | <= 6.1.4 | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
| apple | iphone_os | — | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-52m3-crxv-6mg3: Multiple integer overflows in libxml2, as used in Google Chrome before 20
ghsa_unreviewed·2022-05-17
CVE-2012-2807 [MEDIUM] GHSA-52m3-crxv-6mg3: Multiple integer overflows in libxml2, as used in Google Chrome before 20
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
OSV
CVE-2012-2807: Multiple integer overflows in libxml2, as used in Google Chrome before 20
osv·2012-06-27·CVSS 6.8
CVE-2012-2807 [MEDIUM] CVE-2012-2807: Multiple integer overflows in libxml2, as used in Google Chrome before 20
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
VMware
VMware vSphere security updates for the authentication service and third party libraries
vendor_vmware·2013-01-31·CVSS 10.0
CVE-2011-1202 [CRITICAL] VMware vSphere security updates for the authentication service and third party libraries
VMSA-2013-0001: VMware vSphere security updates for the authentication service and third party libraries
a. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. Column 4 of the following tabl
VMware
VMware security updates for vCSA, vCenter Server, and ESXi
vendor_vmware·2012-12-20·CVSS 4.0
CVE-2009-5029 [MEDIUM] VMware security updates for vCSA, vCenter Server, and ESXi
VMSA-2012-0018: VMware security updates for vCSA, vCenter Server, and ESXi
a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Product Version Running on Replace with/ Apply Patch VMware Product vCSA Product Vers
Ubuntu
libxml2 vulnerability
vendor_ubuntu·2012-09-27
CVE-2012-2807 libxml2 vulnerability
Title: libxml2 vulnerability
Summary: Applications using libxml2 could be made to crash or run programs as your
login if they opened a specially crafted file.
Juri Aedla discovered that libxml2 incorrectly handled certain memory
operations. If a user or application linked against libxml2 were tricked
into opening a specially crafted XML file, an attacker could cause the
application to crash or possibly execute arbitrary code with the privileges
of the user invoking the program.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
(64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
vendor_redhat·2012-06-26·CVSS 6.8
CVE-2012-2807 [MEDIUM] CWE-190 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
(64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Statement: This issue affected the version of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 has been addressed via RHSA-2012:1288. This issue does not affect the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6.
Package: mingw32-libxml2 (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2012-2807: libxml2 - Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132...
vendor_debian·2012·CVSS 6.8
CVE-2012-2807 [MEDIUM] CVE-2012-2807: libxml2 - Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132...
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Scope: local
bookworm: resolved (fixed in 2.8.0+dfsg1-5)
bullseye: resolved (fixed in 2.8.0+dfsg1-5)
forky: resolved (fixed in 2.8.0+dfsg1-5)
sid: resolved (fixed in 2.8.0+dfsg1-5)
trixie: resolved (fixed in 2.8.0+dfsg1-5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [fedora-all]
bugzilla·2012-09-20·CVSS 6.8
CVE-2011-3102 [MEDIUM] CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [fedora-all]
CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs
Bugzilla
CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [epel-5]
bugzilla·2012-09-20·CVSS 6.8
CVE-2011-3102 [MEDIUM] CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [epel-5]
CVE-2011-3102 CVE-2012-2807 mingw32-libxml2 various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=822
Bugzilla
CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact [fedora-all]
bugzilla·2012-07-27·CVSS 6.8
CVE-2012-2807 [MEDIUM] CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact [fedora-all]
CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://ad
Bugzilla
CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
bugzilla·2012-06-27·CVSS 6.8
CVE-2012-2807 [MEDIUM] CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-2807 to the following vulnerability:
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
References:
[1] http://code.google.com/p/chromium/issues/detail?id=129930
[2] http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
Discussion:
Relevant Google Chrome patch:
[3] http://git.chromium.org/gitweb/?p=chromium/src.git;a=commitdiff;h=f183580d61c054f7f6bb35cfe29e1b342390fbeb
---
Okay, i finally pushed a patch upst
http://code.google.com/p/chromium/issues/detail?id=129930http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.htmlhttp://lists.apple.com/archives/security-announce/2013/Oct/msg00009.htmlhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.htmlhttp://secunia.com/advisories/50658http://secunia.com/advisories/50800http://secunia.com/advisories/54886http://secunia.com/advisories/55568http://support.apple.com/kb/HT5934http://support.apple.com/kb/HT6001http://www.debian.org/security/2012/dsa-2521http://www.mandriva.com/security/advisories?name=MDVSA-2012:126http://www.mandriva.com/security/advisories?name=MDVSA-2013:056http://www.securityfocus.com/bid/54718http://www.ubuntu.com/usn/USN-1587-1https://hermes.opensuse.org/messages/15075728https://hermes.opensuse.org/messages/15375990http://code.google.com/p/chromium/issues/detail?id=129930http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.htmlhttp://lists.apple.com/archives/security-announce/2013/Oct/msg00009.htmlhttp://lists.apple.com/archives/security-announce/2013/Sep/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.htmlhttp://secunia.com/advisories/50658http://secunia.com/advisories/50800http://secunia.com/advisories/54886http://secunia.com/advisories/55568http://support.apple.com/kb/HT5934http://support.apple.com/kb/HT6001http://www.debian.org/security/2012/dsa-2521http://www.mandriva.com/security/advisories?name=MDVSA-2012:126http://www.mandriva.com/security/advisories?name=MDVSA-2013:056http://www.securityfocus.com/bid/54718http://www.ubuntu.com/usn/USN-1587-1https://hermes.opensuse.org/messages/15075728https://hermes.opensuse.org/messages/15375990
2012-06-27
Published