Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-0663

Опубликовано: 17 апр. 2017
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

Отчет

This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libxml2Will not fix
Red Hat Enterprise Linux 6libxml2Will not fix
Red Hat Enterprise Linux 7libxml2Will not fix
Red Hat Enterprise Linux 8libxml2Not affected
Red Hat Enterprise Linux 8mingw-libxml2Affected
Red Hat Enterprise Virtualization 3mingw-virt-viewerUnder investigation
Red Hat JBoss Core Serviceslibxml2Affected
Red Hat JBoss Web Server 3libxml2Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1462225libxml2: Heap buffer overflow in xmlAddID

EPSS

Процентиль: 80%
0.0134
Низкий

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-0663

CVSS3: 7.8
ubuntu
больше 8 лет назад

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

nvd логотип

CVE-2017-0663

CVSS3: 7.8
nvd
больше 8 лет назад

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

debian логотип

CVE-2017-0663

CVSS3: 7.8
debian
больше 8 лет назад

A remote code execution vulnerability in libxml2 could enable an attac ...

github логотип

GHSA-9cf7-h7g3-cg3p

CVSS3: 7.8
github
больше 3 лет назад

A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

suse-cvrf логотип

openSUSE-SU-2017:1746-1

suse-cvrf
больше 8 лет назад

Security update for libxml2

EPSS

Процентиль: 80%
0.0134
Низкий

8.1 High

CVSS3