CVE-2011-2834

Published: Sep 19, 2011Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Affected (10)

Products: Google: Chrome · Apple: Iphone Os, Mac Os X · Debian: Debian Linux · +1 more

Show all products

Google: Chrome · Apple: Iphone Os, Mac Os X · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Eus, Enterprise Linux Workstation

1 product

2 products

1 product

4 products

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Eus

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 14.0.835.163

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 6.0
Apple Mac Os X	Before 10.7.4

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 5.0
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Configuration D

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Eus	Version 6.3
Redhat Enterprise Linux Workstation	Version 6.0

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (28)

http://code.google.com/p/chromium/issues/detail?id=93472

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Source: chrome-cve-admin@google.com

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Source: chrome-cve-admin@google.com

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: chrome-cve-admin@google.com

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

Source: chrome-cve-admin@google.com

http://osvdb.org/75560

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2013-0217.html

Source: chrome-cve-admin@google.com

http://support.apple.com/kb/HT5281

Source: chrome-cve-admin@google.com

http://support.apple.com/kb/HT5503

Source: chrome-cve-admin@google.com

http://www.debian.org/security/2012/dsa-2394

Source: chrome-cve-admin@google.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:145

Source: chrome-cve-admin@google.com

http://www.redhat.com/support/errata/RHSA-2011-1749.html

Source: chrome-cve-admin@google.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/69885

Source: chrome-cve-admin@google.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410

Source: chrome-cve-admin@google.com

http://code.google.com/p/chromium/issues/detail?id=93472

Source: af854a3a-2127-422b-91ae-364da2661108

http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/75560

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0217.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5281

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5503

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2012/dsa-2394

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:145

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2011-1749.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/69885

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14410

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.