Professional OVAL Repository
OVAL Definition Details
Id
oval:ru.altx-soft.win:def:56445
Version
6
Class
vulnerability
ALTXid
184508
Language
Russian
Severity
Critical
Title
Vulnerability in the Node.js package libxmljs in versions up to and including 0.16.1 (CVE-2012-5134)
Description
Heap underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier in Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service and execute arbitrary code via specially crafted entities in an XML document.
Family
windows
Product
Node.js
libxmljs
Reference
FSTEC: BDU:2015-09713 - https://bdu.fstec.ru/vul/2015-09713
FSTEC: BDU:2015-08641 - https://bdu.fstec.ru/vul/2015-08641
FSTEC: BDU:2015-08640 - https://bdu.fstec.ru/vul/2015-08640
FSTEC: BDU:2015-08639 - https://bdu.fstec.ru/vul/2015-08639
FSTEC: BDU:2015-06430 - https://bdu.fstec.ru/vul/2015-06430
FSTEC: BDU:2015-06429 - https://bdu.fstec.ru/vul/2015-06429
FSTEC: BDU:2015-06428 - https://bdu.fstec.ru/vul/2015-06428
FSTEC: BDU:2015-05527 - https://bdu.fstec.ru/vul/2015-05527
FSTEC: BDU:2015-05526 - https://bdu.fstec.ru/vul/2015-05526
FSTEC: BDU:2015-05525 - https://bdu.fstec.ru/vul/2015-05525
FSTEC: BDU:2015-05524 - https://bdu.fstec.ru/vul/2015-05524
FSTEC: BDU:2015-05523 - https://bdu.fstec.ru/vul/2015-05523
FSTEC: BDU:2015-05522 - https://bdu.fstec.ru/vul/2015-05522
FSTEC: BDU:2015-05521 - https://bdu.fstec.ru/vul/2015-05521
FSTEC: BDU:2015-05520 - https://bdu.fstec.ru/vul/2015-05520
FSTEC: BDU:2015-05519 - https://bdu.fstec.ru/vul/2015-05519
FSTEC: BDU:2015-05518 - https://bdu.fstec.ru/vul/2015-05518
FSTEC: BDU:2015-05517 - https://bdu.fstec.ru/vul/2015-05517
FSTEC: BDU:2015-05516 - https://bdu.fstec.ru/vul/2015-05516
FSTEC: BDU:2015-05515 - https://bdu.fstec.ru/vul/2015-05515
FSTEC: BDU:2015-05514 - https://bdu.fstec.ru/vul/2015-05514
FSTEC: BDU:2015-05513 - https://bdu.fstec.ru/vul/2015-05513
FSTEC: BDU:2015-05512 - https://bdu.fstec.ru/vul/2015-05512
FSTEC: BDU:2015-05511 - https://bdu.fstec.ru/vul/2015-05511
FSTEC: BDU:2015-05510 - https://bdu.fstec.ru/vul/2015-05510
FSTEC: BDU:2015-05509 - https://bdu.fstec.ru/vul/2015-05509
FSTEC: BDU:2015-05508 - https://bdu.fstec.ru/vul/2015-05508
FSTEC: BDU:2015-05507 - https://bdu.fstec.ru/vul/2015-05507
FSTEC: BDU:2015-04355 - https://bdu.fstec.ru/vul/2015-04355
FSTEC: BDU:2015-04354 - https://bdu.fstec.ru/vul/2015-04354
FSTEC: BDU:2015-04353 - https://bdu.fstec.ru/vul/2015-04353
FSTEC: BDU:2015-04352 - https://bdu.fstec.ru/vul/2015-04352
FSTEC: BDU:2015-04351 - https://bdu.fstec.ru/vul/2015-04351
FSTEC: BDU:2015-04350 - https://bdu.fstec.ru/vul/2015-04350
FSTEC: BDU:2015-04349 - https://bdu.fstec.ru/vul/2015-04349
npmjs: libxmljs - https://www.npmjs.com/package/libxmljs
CVE: CVE-2012-5134 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
Comment: Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=880466
APPLE-SA-2013-10-22-8
SUSE-SU-2013:1627
openSUSE-SU-2012:1637
http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html
RHSA-2013:0217
USN-1656-1
DSA-2580
http://support.apple.com/kb/HT6001
google-libxml-buffer-underflow(80294)
1027815
54886
http://support.apple.com/kb/HT5934
openSUSE-SU-2013:0178
RHSA-2012:1512
55568
56684
http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d
MDVSA-2013:056
51448
https://code.google.com/p/chromium/issues/detail?id=158249
APPLE-SA-2013-09-18-2