CVE-2017-7375
Description: A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Discovery Date: 2018-03-18
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score: 7.5
Exploitability score: 10.0
Impact score: 6.4
CVE-2018-14404
Description: A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
Discovery Date: 2018-09-28
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score: 5.0
Exploitability score: 10.0
Impact score: 2.9
CVE-2017-0663
Description: A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
Discovery Date: 2017-11-11
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score: 6.8
Exploitability score: 8.6
Impact score: 6.4
CVE-2017-9047
Description: A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
Discovery Date: 2017-11-11
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score: 5.0
Exploitability score: 10.0
Impact score: 2.9
CVE-2017-7376
Description: Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Discovery Date: 2019-05-17
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score: 10.0
Exploitability score: 10.0
Impact score: 10.0
CVE-2019-5477
Description: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
Discovery Date: 2019-08-29
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score: 7.5
Exploitability score: 10.0
Impact score: 6.4
CVE-2017-9049
Description: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.
Discovery Date: 2017-11-11
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score: 5.0
Exploitability score: 10.0
Impact score: 2.9
CVE-2017-9050
Description: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
Discovery Date: 2017-11-11
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score: 5.0
Exploitability score: 10.0
Impact score: 2.9
CVE-2017-9048
Description: libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.
Discovery Date: 2017-11-11
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score: 5.0
Exploitability score: 10.0
Impact score: 2.9