Описание
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libxml2 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 3 | libxml2 | Affected | ||
| Red Hat Enterprise Linux 6 | libxml2 | Fixed | RHSA-2016:1292 | 23.06.2016 |
| Red Hat Enterprise Linux 7 | libxml2 | Fixed | RHSA-2016:1292 | 23.06.2016 |
| Text-Only JBCS | Fixed | RHSA-2016:2957 | 15.12.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 a ...
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
Уязвимость функции xmlParseElementDecl (parser.c) библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2