ID CVE-2013-1969
Summary Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function.
References
Vulnerable Configurations
  • XMLSoft Libxml2 2.9.0
    cpe:2.3:a:xmlsoft:libxml2:2.9.0
CVSS
Base: 7.5 (as of 26-04-2013 - 13:07)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-374.NASL
    description - fix for CVE-2013-1969 (bnc#815665) - libxml2-CVE-2013-1969.patch
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 74982
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74982
    title openSUSE Security Update : libxml2 (openSUSE-SU-2013:0945-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1817-1.NASL
    description It was discovered that libxml2 incorrectly handled memory management when parsing certain XML files. An attacker could use this flaw to cause libxml2 to crash, resulting in a denial of service, or to possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 66346
    published 2013-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66346
    title Ubuntu 13.04 : libxml2 vulnerability (USN-1817-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBXML2_20140731.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. (CVE-2013-1969)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80691
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80691
    title Oracle Solaris Third-Party Patch Update : libxml2 (cve_2013_1969_resource_management)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201311-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201311-06 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted document with an application linked against libxml2, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70836
    published 2013-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70836
    title GLSA-201311-06 : libxml2: Multiple vulnerabilities
refmap via4
confirm
mlist
  • [oss-security] 20130417 CVE request : libxml2 Multiple Use-After-Free Vulnerabilities
  • [oss-security] 20130418 Re: CVE request : libxml2 Multiple Use-After-Free Vulnerabilities
secunia 53061
suse
  • openSUSE-SU-2013:0729
  • openSUSE-SU-2013:0945
ubuntu USN-1817-1
Last major update 20-06-2013 - 23:17
Published 25-04-2013 - 19:55