CVE-2010-4008
The MITRE CVE dictionary describes this issue as:
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
Find out more about CVE-2010-4008 from the MITRE CVE dictionary dictionary and NIST NVD.
Statement
This issue did not affect the versions of libxml and libxml2 as shipped with Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 4.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (libxml2) | RHSA-2011:1749 | 2011-12-05 |
| Red Hat Enterprise Linux 6 (mingw32-libxml2) | RHSA-2013:0217 | 2013-01-31 |
| Red Hat Enterprise Linux 5 (libxml2) | RHSA-2012:0017 | 2012-01-11 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 4 | libxml2 | Not affected |
| Red Hat Enterprise Linux 3 | libxml2 | Not affected |
| Red Hat Enterprise Linux 3 | libxml | Not affected |
Acknowledgements
Red Hat would like to thank the Google Security Team for reporting this issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter.CVE description copyright © 2017, The MITRE Corporation