CVE-2011-3905 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:P
Chrome	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
google	chrome	𝑥 < 16.0.912.63
debian	debian_linux	5.0
debian	debian_linux	6.0
debian	debian_linux	7.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_eus	6.3
redhat	enterprise_linux_workstation	6.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libxml2

bullseye	2.9.10+dfsg-6.7+deb11u4 fixed
bullseye (security)	2.9.10+dfsg-6.7+deb11u5 fixed
bookworm	2.9.14+dfsg-1.3~deb12u1 fixed
sid	2.12.7+dfsg+really2.9.14-0.1 fixed
trixie	2.12.7+dfsg+really2.9.14-0.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

oneiric	Fixed 17.0.963.56~r121963-0ubuntu0.11.10.1 released
natty	Fixed 17.0.963.56~r121963-0ubuntu0.11.04.1 released
maverick	Fixed 17.0.963.56~r121963-0ubuntu0.10.10.1 released
lucid	Fixed 17.0.963.56~r121963-0ubuntu0.10.04.1 released
hardy	dne

libxml2

oneiric	Fixed 2.7.8.dfsg-4ubuntu0.1 released
natty	Fixed 2.7.8.dfsg-2ubuntu0.2 released
maverick	Fixed 2.7.7.dfsg-4ubuntu0.3 released
lucid	Fixed 2.7.6.dfsg-1ubuntu1.3 released
hardy	Fixed 2.6.31.dfsg-2ubuntu1.7 released

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

http://code.google.com/p/chromium/issues/detail?id=95465

http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://www.debian.org/security/2012/dsa-2394

http://www.mandriva.com/security/advisories?name=MDVSA-2011:188

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14761

http://code.google.com/p/chromium/issues/detail?id=95465

http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html

http://rhn.redhat.com/errata/RHSA-2013-0217.html

http://www.debian.org/security/2012/dsa-2394

http://www.mandriva.com/security/advisories?name=MDVSA-2011:188

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14761