CVE-2011-1944

Advisory lineage Upstream: 0 Downstream: 6

Downstream

DEBIAN-CVE-2011-1944 DSA-2255-1 OPENSUSE-SU-2024:10192-1 RHSA-2011:1749 RHSA-2012:0017 RHSA-2013:0217

Modified

Published: 02 Sept 2011, 16:00

Last modified:06 Aug 2024, 22:46

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.3 HIGH

v2.0 (nvd)

EPSS Score

23.69% HIGH

24% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

5 found

Dark Web

Not detected

Timeline

02 Sept 2011, 16:00

Published

Vulnerability first disclosed

06 Aug 2024, 22:46

Last Modified

Vulnerability information updated

Description

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.

CVSS Metrics

v2.0•HIGH•Score: 9.3AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 23.69%• Percentile: 96%

Techniques & Countermeasures

CWE-189•Numeric Errors
Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

xmlsoft•libxml
≤ 1.8.16 | 1.5.0 | 1.6.0 | 1.6.1 | 1.6.2 | 1.7.0 | 1.7.1 | 1.7.2 | 1.7.3 | 1.7.4 | 1.8.0 | 1.8.1 | 1.8.2 | 1.8.3 | 1.8.4 | 1.8.5 | 1.8.6 | 1.8.7 | 1.8.8 | 1.8.9 | 1.8.10 | 1.8.11 | 1.8.12 | 1.8.13 | 1.8.14 | 1.8.15
xmlsoft•libxml2
2.6.0 | 2.6.1 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.7 | 2.6.8 | 2.6.9 | 2.6.11 | 2.6.12 | 2.6.13 | 2.6.14 | 2.6.16 | 2.6.17 | 2.6.18 | 2.6.20 | 2.6.22 | 2.6.26 | 2.6.27 | 2.6.30 | 2.6.32 | 2.7.0 | 2.7.1 | 2.7.2 | 2.7.3 | 2.7.4 | 2.7.5 | 2.7.6 | 2.7.7 | 2.7.8