Main Vulnerability Database Exploits ID:3644 - Exploit for Heap-based buffer overflow in Libxml2 - CVE-2011-1944

ID:3644 - Exploit for Heap-based buffer overflow in Libxml2 - CVE-2011-1944

Published: July 29, 2020

Vulnerability identifier: #VU32853

Vulnerability risk: High

CVE-ID: CVE-2011-1944

CWE-ID: CWE-122

Exploitation vector: Remote access

Vulnerable software:
Libxml2

Link to public exploit:

https://www.exploit-db.com/exploits/35810/

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier,. A remote attacker can use a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 2.7.0.

ID:3644 - Exploit for Heap-based buffer overflow in Libxml2 - CVE-2011-1944

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human