Описание
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2.9.4+dfsg1-4ubuntu1 |
| devel | not-affected | |
| esm-infra-legacy/trusty | not-affected | 2.9.1+dfsg1-3ubuntu4.10 |
| esm-infra/xenial | not-affected | 2.9.3+dfsg1-1ubuntu0.3 |
| precise/esm | not-affected | 2.7.8.dfsg-5.1ubuntu4.18 |
| trusty | not-affected | 2.9.1+dfsg1-3ubuntu4.10 |
| trusty/esm | not-affected | 2.9.1+dfsg1-3ubuntu4.10 |
| upstream | released | 2.9.4+dfsg1-3.1, 2.9.5 |
| xenial | not-affected | 2.9.3+dfsg1-1ubuntu0.3 |
| zesty | not-affected | 2.9.4+dfsg1-2.2ubuntu0.1 |
Показывать по
Ссылки на источники
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
parser.c in libxml2 before 2.9.5 mishandles parameter-entity reference ...
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Уязвимость макроса NEXTL парсера xml-файлов (parser.c) библиотеки libxml2, позволяющая нарушителю внедрить XML-сущности
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3