製品・ソフトウェアに関する情報

JVN脆弱性詳細

64-bit Linux プラットフォーム上の Google Chrome で使用される libxml2 における整数オーバーフローの脆弱性

タイトル	64-bit Linux プラットフォーム上の Google Chrome で使用される libxml2 における整数オーバーフローの脆弱性
概要	64-bit Linux プラットフォーム上で稼働する Google Chrome で使用される libxml2 には、整数オーバーフローの脆弱性が存在します。
想定される影響	第三者により、サービス運用妨害 (DoS) 状態にされるなど、不特定の影響を受ける可能性があります。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2012年6月26日0:00
登録日	2012年6月28日14:20
最終更新日	2014年2月3日11:22

CVSS2.0 : 警告
スコア	6.8
ベクター	AV:N/AC:M/Au:N/C:P/I:P/A:P

影響を受けるシステム

アップル

Apple TV 6.0 未満 (Apple TV 第 2 世代以降)

iOS 7 未満 (iPad 2 以降)

iOS 7 未満 (iPhone 4 以降)

iOS 7 未満 (iPod touch 第 5 世代以降)

iTunes 11.1.4 未満 (Windows 7)

iTunes 11.1.4 未満 (Windows 8)

iTunes 11.1.4 未満 (Windows Vista)

iTunes 11.1.4 未満 (Windows XP SP2 以降)

Google

Google Chrome 20.0.1132.43 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-2807	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
National Vulnerability Database (NVD)
2	CVE-2012-2807	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2807
SECURITY BLOG
3	CVE-2012-2807 Numeric Errors vulnerability in libxslt	https://blogs.oracle.com/sunsecurity/entry/cve_2012_2807_numeric_errors

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-189	https://jvndb.jvn.jp/ja/cwe/CWE-189.html

ベンダー情報

No	名前	URL
Apple Mailing Lists
1	APPLE-SA-2013-09-18-2	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
2	APPLE-SA-2013-09-20-1	http://lists.apple.com/archives/security-announce/2013/Sep/msg00008.html
3	APPLE-SA-2013-10-22-8	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
Apple Security Updates
4	HT5934	http://support.apple.com/kb/HT5934
5	HT5935	http://support.apple.com/kb/HT5935
6	HT6001	http://support.apple.com/kb/HT6001
Apple セキュリティアップデート
7	HT5934	http://support.apple.com/kb/HT5934?viewlocale=ja_JP
8	HT5935	http://support.apple.com/kb/HT5935?viewlocale=ja_JP
9	HT6001	http://support.apple.com/kb/HT6001?viewlocale=ja_JP
Debian セキュリティ勧告
10	DSA-2521	http://www.debian.org/security/2012/dsa-2521
Google
11	Google Chrome	http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja
12	Stable Channel Update	http://googlechromereleases.blogspot.jp/2012/06/stable-channel-update_26.html
opensuse-updates
13	openSUSE-SU-2012:0813	http://lists.opensuse.org/opensuse-updates/2012-07/msg00003.html
Security Advisories
14	MDVSA-2012:126	http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
15	MDVSA-2013:056	http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
Ubuntu Security Notice
16	USN-1587-1	http://www.ubuntu.com/usn/USN-1587-1

その他

No	名前	URL
JVN
1	JVNVU#94321146	http://jvn.jp/vu/JVNVU94321146/
2	JVNVU#95174988	http://jvn.jp/cert/JVNVU95174988/
3	JVNVU#98681940	http://jvn.jp/cert/JVNVU98681940/index.html

変更履歴

No	変更内容	変更日
0	[2012年06月28日] 掲載 [2012年07月26日] ベンダ情報：Novell (openSUSE-SU-2012:0813) を追加 [2012年09月14日] ベンダ情報：Debian (DSA-2521) を追加 [2012年11月09日] ベンダ情報：Ubuntu (USN-1587-1) を追加 [2013年07月25日] ベンダ情報：オラクル (CVE-2012-2807 Numeric Errors vulnerability in libxslt) を追加 [2013年10月15日] 影響を受けるシステム：アップル (HT5934) の情報を追加影響を受けるシステム：アップル (HT5935) の情報を追加ベンダ情報：アップル (HT5934) を追加ベンダ情報：アップル (HT5935) を追加ベンダ情報：アップル (APPLE-SA-2013-09-18-2) を追加参考情報：JVN (JVNVU#98681940) を追加 [2013年11月08日] CVSS による深刻度：内容を更新影響を受けるシステム：アップル (HT6001) の情報を追加ベンダ情報：Mandriva, Inc. (MDVSA-2012:126) を追加ベンダ情報：Mandriva, Inc. (MDVSA-2013:056) を追加ベンダ情報：アップル (HT6001) を追加ベンダ情報：アップル (APPLE-SA-2013-09-20-1) を追加ベンダ情報：アップル (APPLE-SA-2013-10-22-8) を追加参考情報：JVN (JVNVU#95174988) を追加 [2014年02月03日] 影響を受けるシステム：内容を更新参考情報：JVN (JVNVU#94321146) を追加	2018年2月17日10:37

NVD脆弱性情報

CVE-2012-2807

概要	Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
公表日	2012年6月27日19:18
登録日	2021年1月28日14:59
最終更新日	2024年11月21日10:39

影響を受けるソフトウェアの構成

構成1		以上	以下	より上	未満
cpe:2.3:a:google:chrome::::::::			20.0.1132.42
cpe:2.3:a:google:chrome:20.0.1132.0:::::::*
cpe:2.3:a:google:chrome:20.0.1132.1:::::::*
cpe:2.3:a:google:chrome:20.0.1132.2:::::::*
cpe:2.3:a:google:chrome:20.0.1132.3:::::::*
cpe:2.3:a:google:chrome:20.0.1132.4:::::::*
cpe:2.3:a:google:chrome:20.0.1132.5:::::::*
cpe:2.3:a:google:chrome:20.0.1132.6:::::::*
cpe:2.3:a:google:chrome:20.0.1132.7:::::::*
cpe:2.3:a:google:chrome:20.0.1132.8:::::::*
cpe:2.3:a:google:chrome:20.0.1132.9:::::::*
cpe:2.3:a:google:chrome:20.0.1132.10:::::::*
cpe:2.3:a:google:chrome:20.0.1132.11:::::::*
cpe:2.3:a:google:chrome:20.0.1132.12:::::::*
cpe:2.3:a:google:chrome:20.0.1132.13:::::::*
cpe:2.3:a:google:chrome:20.0.1132.14:::::::*
cpe:2.3:a:google:chrome:20.0.1132.15:::::::*
cpe:2.3:a:google:chrome:20.0.1132.16:::::::*
cpe:2.3:a:google:chrome:20.0.1132.17:::::::*
cpe:2.3:a:google:chrome:20.0.1132.18:::::::*
cpe:2.3:a:google:chrome:20.0.1132.19:::::::*
cpe:2.3:a:google:chrome:20.0.1132.20:::::::*
cpe:2.3:a:google:chrome:20.0.1132.21:::::::*
cpe:2.3:a:google:chrome:20.0.1132.22:::::::*
cpe:2.3:a:google:chrome:20.0.1132.23:::::::*
cpe:2.3:a:google:chrome:20.0.1132.24:::::::*
cpe:2.3:a:google:chrome:20.0.1132.25:::::::*
cpe:2.3:a:google:chrome:20.0.1132.26:::::::*
cpe:2.3:a:google:chrome:20.0.1132.27:::::::*
cpe:2.3:a:google:chrome:20.0.1132.28:::::::*
cpe:2.3:a:google:chrome:20.0.1132.29:::::::*
cpe:2.3:a:google:chrome:20.0.1132.30:::::::*
cpe:2.3:a:google:chrome:20.0.1132.31:::::::*
cpe:2.3:a:google:chrome:20.0.1132.32:::::::*
cpe:2.3:a:google:chrome:20.0.1132.33:::::::*
cpe:2.3:a:google:chrome:20.0.1132.34:::::::*
cpe:2.3:a:google:chrome:20.0.1132.35:::::::*
cpe:2.3:a:google:chrome:20.0.1132.36:::::::*
cpe:2.3:a:google:chrome:20.0.1132.37:::::::*
cpe:2.3:a:google:chrome:20.0.1132.38:::::::*
cpe:2.3:a:google:chrome:20.0.1132.39:::::::*
cpe:2.3:a:google:chrome:20.0.1132.40:::::::*
cpe:2.3:a:google:chrome:20.0.1132.41:::::::*
実行環境
1	cpe:2.3:o:linux:linux_kernel:::64-bit:::::*

構成2	以上	以下	より上	未満
cpe:2.3:o:apple:iphone_os:6.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0:::::::*
cpe:2.3:o:apple:iphone_os:3.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
cpe:2.3:o:apple:iphone_os::::::::		6.1.4
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:6.1.3:::::::*
cpe:2.3:o:apple:iphone_os:5.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.8:::::::*
cpe:2.3:o:apple:iphone_os:6.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:6.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
cpe:2.3:o:apple:iphone_os:6.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
cpe:2.3:o:apple:iphone_os:5.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:5.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:5.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
cpe:2.3:o:apple:iphone_os:6.0.1:::::::*

構成1		以上	以下	より上	未満
cpe:2.3:a:google:chrome::::::::			20.0.1132.42
cpe:2.3:a:google:chrome:20.0.1132.0:::::::*
cpe:2.3:a:google:chrome:20.0.1132.1:::::::*
cpe:2.3:a:google:chrome:20.0.1132.2:::::::*
cpe:2.3:a:google:chrome:20.0.1132.3:::::::*
cpe:2.3:a:google:chrome:20.0.1132.4:::::::*
cpe:2.3:a:google:chrome:20.0.1132.5:::::::*
cpe:2.3:a:google:chrome:20.0.1132.6:::::::*
cpe:2.3:a:google:chrome:20.0.1132.7:::::::*
cpe:2.3:a:google:chrome:20.0.1132.8:::::::*
cpe:2.3:a:google:chrome:20.0.1132.9:::::::*
cpe:2.3:a:google:chrome:20.0.1132.10:::::::*
cpe:2.3:a:google:chrome:20.0.1132.11:::::::*
cpe:2.3:a:google:chrome:20.0.1132.12:::::::*
cpe:2.3:a:google:chrome:20.0.1132.13:::::::*
cpe:2.3:a:google:chrome:20.0.1132.14:::::::*
cpe:2.3:a:google:chrome:20.0.1132.15:::::::*
cpe:2.3:a:google:chrome:20.0.1132.16:::::::*
cpe:2.3:a:google:chrome:20.0.1132.17:::::::*
cpe:2.3:a:google:chrome:20.0.1132.18:::::::*
cpe:2.3:a:google:chrome:20.0.1132.19:::::::*
cpe:2.3:a:google:chrome:20.0.1132.20:::::::*
cpe:2.3:a:google:chrome:20.0.1132.21:::::::*
cpe:2.3:a:google:chrome:20.0.1132.22:::::::*
cpe:2.3:a:google:chrome:20.0.1132.23:::::::*
cpe:2.3:a:google:chrome:20.0.1132.24:::::::*
cpe:2.3:a:google:chrome:20.0.1132.25:::::::*
cpe:2.3:a:google:chrome:20.0.1132.26:::::::*
cpe:2.3:a:google:chrome:20.0.1132.27:::::::*
cpe:2.3:a:google:chrome:20.0.1132.28:::::::*
cpe:2.3:a:google:chrome:20.0.1132.29:::::::*
cpe:2.3:a:google:chrome:20.0.1132.30:::::::*
cpe:2.3:a:google:chrome:20.0.1132.31:::::::*
cpe:2.3:a:google:chrome:20.0.1132.32:::::::*
cpe:2.3:a:google:chrome:20.0.1132.33:::::::*
cpe:2.3:a:google:chrome:20.0.1132.34:::::::*
cpe:2.3:a:google:chrome:20.0.1132.35:::::::*
cpe:2.3:a:google:chrome:20.0.1132.36:::::::*
cpe:2.3:a:google:chrome:20.0.1132.37:::::::*
cpe:2.3:a:google:chrome:20.0.1132.38:::::::*
cpe:2.3:a:google:chrome:20.0.1132.39:::::::*
cpe:2.3:a:google:chrome:20.0.1132.40:::::::*
cpe:2.3:a:google:chrome:20.0.1132.41:::::::*
実行環境
1	cpe:2.3:o:linux:linux_kernel:::64-bit:::::*

構成2	以上	以下	より上	未満
cpe:2.3:o:apple:iphone_os:6.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0:::::::*
cpe:2.3:o:apple:iphone_os:3.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
cpe:2.3:o:apple:iphone_os::::::::		6.1.4
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:6.1.3:::::::*
cpe:2.3:o:apple:iphone_os:5.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.8:::::::*
cpe:2.3:o:apple:iphone_os:6.0.2:::::::*
cpe:2.3:o:apple:iphone_os:4.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:3.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:6.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
cpe:2.3:o:apple:iphone_os:6.1:::::::*
cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
cpe:2.3:o:apple:iphone_os:5.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:5.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:5.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:4.0:::::::*
cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
cpe:2.3:o:apple:iphone_os:6.0.1:::::::*

No	URL	refsource	タグ
1	http://code.google.com/p/chromium/issues/detail?id=129930
2	http://code.google.com/p/chromium/issues/detail?id=129930
3	http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
4	http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html
5	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
6	http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html
7	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
8	http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
9	http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
10	http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html
11	http://secunia.com/advisories/50658
12	http://secunia.com/advisories/50658
13	http://secunia.com/advisories/50800
14	http://secunia.com/advisories/50800
15	http://secunia.com/advisories/54886
16	http://secunia.com/advisories/54886
17	http://secunia.com/advisories/55568
18	http://secunia.com/advisories/55568
19	http://support.apple.com/kb/HT5934
20	http://support.apple.com/kb/HT5934
21	http://support.apple.com/kb/HT6001
22	http://support.apple.com/kb/HT6001
23	http://www.debian.org/security/2012/dsa-2521
24	http://www.debian.org/security/2012/dsa-2521
25	http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
26	http://www.mandriva.com/security/advisories?name=MDVSA-2012:126
27	http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
28	http://www.mandriva.com/security/advisories?name=MDVSA-2013:056
29	http://www.securityfocus.com/bid/54718
30	http://www.securityfocus.com/bid/54718
31	http://www.ubuntu.com/usn/USN-1587-1
32	http://www.ubuntu.com/usn/USN-1587-1
33	https://hermes.opensuse.org/messages/15075728
34	https://hermes.opensuse.org/messages/15075728
35	https://hermes.opensuse.org/messages/15375990
36	https://hermes.opensuse.org/messages/15375990