Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-9048

Опубликовано: 15 мая 2017
Источник: redhat
CVSS3: 4.8

Описание

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

Отчет

This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libxml2Will not fix
Red Hat Enterprise Linux 6libxml2Will not fix
Red Hat Enterprise Linux 7libxml2Will not fix
Red Hat Enterprise Linux 8libxml2Not affected
Red Hat Enterprise Linux 8mingw-libxml2Affected
Red Hat JBoss Core Serviceslibxml2Affected
Red Hat JBoss Enterprise Web Server 3libxml2Will not fix
Text-Only JBCSFixedRHSA-2018:248616.08.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1452549libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-9048

CVSS3: 7.5
ubuntu
больше 8 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

nvd логотип

CVE-2017-9048

CVSS3: 7.5
nvd
больше 8 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

debian логотип

CVE-2017-9048

CVSS3: 7.5
debian
больше 8 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ...

github логотип

GHSA-rf96-7wvx-58w8

CVSS3: 7.5
github
больше 3 лет назад

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

fstec логотип

BDU:2022-07417

CVSS3: 7.5
fstec
больше 8 лет назад

Уязвимость реализации функции xmlSnprintfElementContent() библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании

4.8 Medium

CVSS3