CVE-2011-2821 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
Chrome	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 84%

Vendor	Product	Version
google	chrome	𝑥 < 13.0.782.215
debian	debian_linux	5.0
debian	debian_linux	6.0
debian	debian_linux	7.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	6.3
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0
apple	iphone_os	𝑥 < 6.0
apple	mac_os_x	𝑥 < 10.7.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libxml2

bullseye	2.9.10+dfsg-6.7+deb11u4 fixed
squeeze	no-dsa
bullseye (security)	2.9.10+dfsg-6.7+deb11u5 fixed
bookworm	2.9.14+dfsg-1.3~deb12u1 fixed
sid	2.12.7+dfsg+really2.9.14-0.1 fixed
trixie	2.12.7+dfsg+really2.9.14-0.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

oneiric	not-affected
natty	Fixed 14.0.835.202~r103287-0ubuntu0.11.04.1 released
maverick	Fixed 14.0.835.202~r103287-0ubuntu0.10.10.1 released
lucid	Fixed 14.0.835.202~r103287-0ubuntu0.10.04.2 released
hardy	dne

libxml2

oneiric	Fixed 2.7.8.dfsg-4ubuntu0.1 released
natty	Fixed 2.7.8.dfsg-2ubuntu0.2 released
maverick	Fixed 2.7.7.dfsg-4ubuntu0.3 released
lucid	Fixed 2.7.6.dfsg-1ubuntu1.3 released
hardy	ignored

Common Weakness Enumeration

CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

http://code.google.com/p/chromium/issues/detail?id=89402

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5503

http://www.debian.org/security/2012/dsa-2394

http://www.mandriva.com/security/advisories?name=MDVSA-2011:145

http://www.redhat.com/support/errata/RHSA-2011-1749.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840

http://code.google.com/p/chromium/issues/detail?id=89402

http://googlechromereleases.blogspot.com/2011/08/stable-channel-update_22.html

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://support.apple.com/kb/HT5281

http://support.apple.com/kb/HT5503

http://www.debian.org/security/2012/dsa-2394

http://www.mandriva.com/security/advisories?name=MDVSA-2011:145

http://www.redhat.com/support/errata/RHSA-2011-1749.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13840