Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-9048

Опубликовано: 18 мая 2017
Источник: debian

Описание

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libxml2fixed2.9.4+dfsg1-3.1package

Примечания

  • https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)

  • https://www.openwall.com/lists/oss-security/2017/05/15/1

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/932cc9896ab41475d4aa429c27d9afd175959d74

Связанные уязвимости

ubuntu логотип

CVE-2017-9048

CVSS3: 7.5
ubuntu
больше 8 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

redhat логотип

CVE-2017-9048

CVSS3: 4.8
redhat
больше 8 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

nvd логотип

CVE-2017-9048

CVSS3: 7.5
nvd
больше 8 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

github логотип

GHSA-rf96-7wvx-58w8

CVSS3: 7.5
github
больше 3 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

fstec логотип

BDU:2022-07417

CVSS3: 7.5
fstec
больше 8 лет назад

Уязвимость реализации функции xmlSnprintfElementContent() библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании