Description
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the --htmlout command line option, causing an application crash and resulting in a denial of service.
Statement
This issue only affects the xmllint program when the `--htmlout` command line option is used. Additionally, an application is not vulnerable if it does not use or expose the xmllint program.
Mitigation
Do not process untrusted files with the xmllint program.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | libxml2 | Fix deferred | | |
Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | | |
Red Hat Enterprise Linux 7 | libxml2 | Out of support scope | | |
Red Hat Enterprise Linux 8 | libxml2 | Fix deferred | | |
Red Hat Enterprise Linux 9 | libxml2 | Fix deferred | | |
Red Hat JBoss Core Services | libxml2 | Affected | | |
Additional information
CVSS3: 5.5 Medium