{
  "threat_severity" : "Low",
  "public_date" : "2010-11-04T00:00:00Z",
  "bugzilla" : {
    "description" : "libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis",
    "id" : "645341",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=645341"
  },
  "cvss" : {
    "cvss_base_score" : "4.3",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document." ],
  "statement" : "This issue did not affect the versions of libxml and libxml2 as shipped with Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 4.",
  "acknowledgement" : "Red Hat would like to thank the Google Security Team for reporting this issue. Upstream acknowledges Bui Quang Minh (Bkis) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-01-11T00:00:00Z",
    "advisory" : "RHSA-2012:0017",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "libxml2-0:2.6.26-2.1.12.el5_7.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-12-05T00:00:00Z",
    "advisory" : "RHSA-2011:1749",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "libxml2-0:2.7.6-4.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-01-31T00:00:00Z",
    "advisory" : "RHSA-2013:0217",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "mingw32-libxml2-0:2.7.6-6.el6_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-4008\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4008" ],
  "name" : "CVE-2010-4008",
  "csaw" : false
}