Описание
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libxml2 | fixed | 2.9.3+dfsg1-1 | package |
Примечания
https://bugzilla.gnome.org/show_bug.cgi?id=756263
https://gitlab.gnome.org/GNOME/libxml2/-/commit/ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
Introduced/Uncovered by https://gitlab.gnome.org/GNOME/libxml2/-/commit/a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
https://www.openwall.com/lists/oss-security/2015/11/17/5
EPSS
Связанные уязвимости
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или получить конфиденциальную информацию
EPSS