exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

CVE-2013-2877

Status Candidate

Overview

parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
MD5 | 79d42811d0d77f411edfda4a318d5bb6
VMware Security Advisory 2014-0012
Posted Dec 5, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0012 - VMware vSphere product updates address a Cross Site Scripting issue, a certificate validation issue and security vulnerabilities in third-party libraries.

tags | advisory, vulnerability, xss
advisories | CVE-2013-1752, CVE-2013-2877, CVE-2013-4238, CVE-2014-0015, CVE-2014-0138, CVE-2014-0191, CVE-2014-3797, CVE-2014-8371
MD5 | f36bc2e46b09054b56cf41449f829177
Red Hat Security Advisory 2014-0513-01
Posted May 19, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0513-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. An out-of-bounds read flaw was found in the way libxml2 detected the end of an XML file. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to crash.

tags | advisory, remote, denial of service, xxe
systems | linux, redhat
advisories | CVE-2013-2877, CVE-2014-0191
MD5 | 00184b71ba54e6aeb48e6dd7dab2634f
Gentoo Linux Security Advisory 201311-06
Posted Nov 11, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-6 - Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 2.9.1-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2871, CVE-2012-5134, CVE-2013-0338, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877
MD5 | a066a83da5ac5a1f1cf9568ae1f62b6f
Debian Security Advisory 2779-1
Posted Oct 14, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2779-1 - Aki Helin of OUSPG discovered many out-of-bounds read issues in libxml2, the GNOME project's XML parser library, which can lead to denial of service issues when handling XML documents that end abruptly.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2013-2877
MD5 | 1ced8c96d72074d6abcc62e4863d41f0
Mandriva Linux Security Advisory 2013-198
Posted Jul 24, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-198 - A denial of service flaw was found in the way libxml2, a library providing support to read, modify and write XML and HTML files, performed string substitutions when entity values for external entity references replacement was requested / enabled during the XML file parsing. A remote attacker could provide a specially-crafted XML file containing an external entity expansion, when processed would lead to excessive CPU consumption (denial of service.This a different flaw from CVE-2013-0338. parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2013-0339, CVE-2013-2877
MD5 | 25beea34e921a3859fbf38b5e844e2a8
Debian Security Advisory 2724-1
Posted Jul 19, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2724-1 - Several vulnerabilities have been discovered in the Chromium web browser.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2013-2853, CVE-2013-2867, CVE-2013-2868, CVE-2013-2869, CVE-2013-2870, CVE-2013-2871, CVE-2013-2873, CVE-2013-2875, CVE-2013-2876, CVE-2013-2877, CVE-2013-2878, CVE-2013-2879, CVE-2013-2880
MD5 | 4c0381b61add06bb61d868ea4f84e6e3
Ubuntu Security Notice USN-1904-2
Posted Jul 17, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1904-2 - USN-1904-1 fixed vulnerabilities in libxml2. The update caused a regression for certain users. This update fixes the problem. It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability, xxe
systems | linux, ubuntu
advisories | CVE-2013-0339, CVE-2013-2877
MD5 | 299e2e1ef39b895ca37b71f7b3fddc31
Ubuntu Security Notice USN-1904-1
Posted Jul 16, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1904-1 - It was discovered that libxml2 would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly obtain access to arbitrary files or cause resource consumption. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. It was discovered that libxml2 incorrectly handled documents that end abruptly. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, xxe
systems | linux, ubuntu
advisories | CVE-2013-0339, CVE-2013-2877, CVE-2013-0339, CVE-2013-2877
MD5 | f4f35de65d8e827fa444b5407469a968
Page 1 of 1
Back1Next

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close