Описание
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | ||
| Red Hat Enterprise Linux 8 | libxml2 | Not affected | ||
| Red Hat Enterprise Linux 8 | mingw-libxml2 | Affected | ||
| Red Hat JBoss Enterprise Web Server 3 | libxml2 | Will not fix | ||
| Red Hat Ansible Tower 3.5 for RHEL 7 | ansible-tower-35/ansible-tower | Fixed | RHBA-2020:1539 | 22.04.2020 |
| Red Hat Ansible Tower 3.6 for RHEL 7 | ansible-tower-36/ansible-tower | Fixed | RHBA-2020:1540 | 22.04.2020 |
| Red Hat Enterprise Linux 6 Supplementary | chromium-browser | Fixed | RHSA-2017:3401 | 07.12.2017 |
| Red Hat Enterprise Linux 7 | libxml2 | Fixed | RHSA-2020:1190 | 31.03.2020 |
| Text-Only JBCS | libxml2 | Fixed | RHSA-2018:0287 | 08.02.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.8 High
CVSS3
Связанные уязвимости
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
EPSS
8.8 High
CVSS3