Описание
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | released | 2.9.4+dfsg1-6.1ubuntu1.2 |
| devel | released | 2.9.4+dfsg1-7ubuntu1 |
| esm-infra-legacy/trusty | released | 2.9.1+dfsg1-3ubuntu4.13 |
| esm-infra/bionic | released | 2.9.4+dfsg1-6.1ubuntu1.2 |
| esm-infra/xenial | released | 2.9.3+dfsg1-1ubuntu0.6 |
| precise/esm | not-affected | 2.7.8.dfsg-5.1ubuntu4.21 |
| trusty | released | 2.9.1+dfsg1-3ubuntu4.13 |
| trusty/esm | released | 2.9.1+dfsg1-3ubuntu4.13 |
| upstream | released | 2.9.9 |
Показывать по
EPSS
5 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPat ...
Уязвимость функции xpath.c:xmlXPathCompOpEval() библиотеки libxml2, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
6.5 Medium
CVSS3