Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6948CD9-8489-46BA-9159-24C842490702", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "35C43087-760E-482A-B34E-141A29AC57A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "669211F7-90EA-47AB-A787-34DD79DF8E25", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "025B16D8-1023-4D47-BADD-C1E838B47D88", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "320E691F-D417-4D81-A223-C46FEFFD908A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3B06B40-327D-4EFA-AD19-DA1CA7D50B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "EB8BEC58-AB2A-4953-A2E8-338EB894A494", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "ABDE6C9A-4F24-42B4-8AA3-3EBC97190322", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "44FB2813-BE9F-46A8-864B-435D883CA0FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "F9DF1336-F831-4507-B45E-574BDE8AA8BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "98CF3A74-B9F8-4689-B81C-F579D827DA5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "6DBD9C7D-CD0B-4B5B-BEC2-F67610DEDE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "798F7A01-F006-4589-82F8-943F81015693", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "36940C55-BFD4-4C77-A26B-C0F273EAC2EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*", "matchCriteriaId": "1D8135B1-FB22-4755-A5ED-CDB16E3E85A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*", "matchCriteriaId": "2B4685BF-394A-4426-980A-2B1D37737C06", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*", "matchCriteriaId": "CB8A074B-069A-4520-8E3C-AB614C31B68A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*", "matchCriteriaId": "7069A49C-038C-4E7B-AF03-4D90D5734414", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "87E895B9-5AF7-4A1F-B740-B3E13DE3254E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FD29EFD-1ADB-4349-8E7D-EA6B34B0F6DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC720A50-9EF5-4B73-86D1-AE87D402611E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "464942E8-EDF3-4ECB-B907-FFCDBC9079C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1246C0E-DCAC-405E-ADCE-3D16D659C567", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "5703D8EC-259B-49C3-AADE-916227DEB96F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "184B40E3-28FD-49A4-9560-5E26293D7D08", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7CCE8BBA-6721-4257-9F2E-23AEB104564E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF2A3107-5F12-407E-9009-7F42B09299E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D8F7811-88A2-4128-85C4-09B7B7DF64A1", "versionEndIncluding": "1.8.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD5A61AA-C026-474A-AB95-4A7B35DC6842", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A63B4430-BB5E-4714-BA20-D793753ACA73", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "E411F0BC-8E12-4BE6-8F32-DE0721970511", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7ACD7BA-720C-4640-9A91-E7D622D5FFF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "05F92712-AE3F-469C-8BCB-8EA84059D966", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5E8338BB-C771-446E-8BBC-6874B38860F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0C2884C3-09E9-4834-AF29-7CE1971B995F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "FCE2E4F7-9AE2-4EA7-AE98-DF9F163BBA4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "BD00A9AB-101C-4964-BBD8-5EE782274B39", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB312CF5-3344-4D08-8BBE-E3F89841DE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF7C1F5B-89AE-42EF-B97F-A78D35BC1EB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "933140AC-DE87-450B-8564-1E409BD1F3A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "E03BBCCC-2C76-4E02-B2BA-DE2D88FB879E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "294EA917-6988-4E7C-A7CB-C4D6632F156E", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "C291277E-D850-4E91-B01F-68E79C33007C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "02154B73-A784-41FD-A9DB-CEF4DAF21BD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "AA53FCD8-A7B0-4B90-AA57-4DCCD67C42D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFFA818-2554-4D4E-8B1B-6BF40EC5FFED", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "D0044EBB-9A1F-4C84-839A-3D6FDCF594AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "856C07F8-62AC-4DEC-97A4-939A7658D751", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "0CC31771-E410-4957-AD70-B6C248AAB98C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "797FD325-0B42-46DA-AE60-4FAD16A51430", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "AB4429CD-315B-45B8-BFBE-7BB24906A4FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "3CB8C959-9D10-49C3-9069-FFF981A4EF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "931A0B86-34C0-4710-94AE-F8855083DC7D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions."}, {"lang": "es", "value": "Desbordamiento de entero en xpath.c en libxml2 v2.6.x hasta v2.6.32 y v2.7.x hasta v2.7.8, y libxml v1.8.16 y anteriores, permite a atacantes dependientes del contexto, provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo XML modificado que provoca un desbordamiento de buffer basado en memoria din\u00e1mica cuando se a\u00f1ade un nuevo espacio de nombres al nodo, relacionado con la manipulaci\u00f3n de expresiones XPath."}], "id": "CVE-2011-1944", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-09-02T16:55:03.553", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4"}, {"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "secalert@redhat.com", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44711"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5281"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT5503"}, {"source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1153-1"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2255"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:131"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/05/31/8"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/73248"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/48056"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.gnome.org/browse/libxml2/commit/?id=d7958b21e7f8c447a26bb2436f08402b2c308be4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062238.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-07/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0217.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/44711"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5281"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT5503"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1153-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:131"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2011/05/31/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/73248"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1749.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/48056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709747"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}