Описание
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2.9.3+dfsg1-1.2 |
| esm-infra-legacy/trusty | released | 2.9.1+dfsg1-3ubuntu4.8 |
| esm-infra/xenial | released | 2.9.3+dfsg1-1ubuntu0.1 |
| precise | released | 2.7.8.dfsg-5.1ubuntu4.15 |
| precise/esm | not-affected | 2.7.8.dfsg-5.1ubuntu4.15 |
| trusty | released | 2.9.1+dfsg1-3ubuntu4.8 |
| trusty/esm | released | 2.9.1+dfsg1-3ubuntu4.8 |
| upstream | released | 2.9.4 |
| vivid/stable-phone-overlay | ignored | end of life |
| vivid/ubuntu-core | DNE |
Показывать по
5.8 Medium
CVSS2
7.1 High
CVSS3
Связанные уязвимости
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntit ...
XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Уязвимость функции xmlStringLenDecodeEntities (parser.c) библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или раскрыть защищаемую информацию
5.8 Medium
CVSS2
7.1 High
CVSS3