Описание
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libxml2 | fixed | 2.9.4+dfsg1-5.1 | package | |
| libxml2 | no-dsa | jessie | package | |
| libxml2 | no-dsa | wheezy | package |
Примечания
https://www.openwall.com/lists/oss-security/2016/11/05/3
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
Duplicate upstream bug (contains patch): https://bugzilla.gnome.org/show_bug.cgi?id=758422
Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/94691dc884d1a8ada39f073408b4bb92fe7fe882
EPSS
Связанные уязвимости
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
Уязвимость библиотеки Libxml2, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
EPSS