CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-7375
https://notcve.org/view.php?id=CVE-2017-7375
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). Un error en libxml2 permite la inclusión de entidades XML con marcas de analizador por defecto (por ejemplo, cuando el "caller" no solicitó la sustitución de entidades, validación DTD, carga de subconjuntos DTD externo o los atributos DTD por defecto). Dependiendo del contexto, esto podría exponer una superficie de ataque de mayor riesgo en libxml2 que, normalmente, no sería accesible mediante marcas de analizador por defecto. Además, podría exponer contenido de archivos locales o de servidores HTTP y FTP (que serían inalcanzables de otra forma). • http://www.securityfocus.com/bid/98877 http://www.securitytracker.com/id/1038623 https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa https://bugzilla.redhat.com/show_bug.cgi?id=1462203 https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e https://security.gentoo.org/glsa/201711-01 https://source.android.com/security/bulletin/2017-06-01 https://www.debian.org/security/2017/dsa-3952 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 34%CPEs: 11EXPL: 0CVE-2017-7376
https://notcve.org/view.php?id=CVE-2017-7376
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. Desbordamiento de búfer en libxml2 permite que atacantes remotos ejecuten código arbitrario aprovechando un límite incorrecto para los valores del puerto cuando se gestionan las redirecciones. • http://www.securityfocus.com/bid/98877 http://www.securitytracker.com/id/1038623 https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4 https://bugzilla.redhat.com/show_bug.cgi?id=1462216 https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e https://source.android.com/security/bulletin/2017-06-01 https://www.debian.org/security/2017/dsa-3952 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9047 – libxml2: Buffer overflow in function xmlSnprintfElementContent
https://notcve.org/view.php?id=CVE-2017-9047
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). • http://www.debian.org/security/2017/dsa-3952 http://www.openwall.com/lists/oss-security/2017/05/15/1 http://www.securityfocus.com/bid/98599 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201711-01 https://access.redhat.com/security/cve/CVE-2017-9047 https://bugzilla.redhat& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9048 – libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent
https://notcve.org/view.php?id=CVE-2017-9048
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash. En libxml2 versión 20904-GITv2.9.4-16-g0741801 es vulnerable a un desbordamiento de búfer en la región stack de la memoria. • http://www.debian.org/security/2017/dsa-3952 http://www.openwall.com/lists/oss-security/2017/05/15/1 http://www.securityfocus.com/bid/98556 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201711-01 https://access.redhat.com/security/cve/CVE-2017-9048 https://bugzilla.redhat& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-9049 – libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey
https://notcve.org/view.php?id=CVE-2017-9049
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. libxml2 20904-GIT versión 2.9.4-16-g0741801, es vulnerable a una lectura excesiva de búfer en la región heap de la memoria en la función xmlDictComputeFastKey en el archivo dict.c. Esta vulnerabilidad causa que los programas que utilizan libxml2, como PHP, se bloqueen. Esta vulnerabilidad se presenta debido a una corrección incompleta para libxml2 Bug 759398. • http://www.debian.org/security/2017/dsa-3952 http://www.openwall.com/lists/oss-security/2017/05/15/1 http://www.securityfocus.com/bid/98601 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/201711-01 https://access.redhat.com/security/cve/CVE-2017-9049 https://bugzilla.redhat& • CWE-125: Out-of-bounds Read •