Описание
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.9.4+dfsg1-6.1ubuntu1.4 |
| devel | not-affected | 2.9.10+dfsg-6.7 |
| esm-infra-legacy/trusty | not-affected | 2.9.1+dfsg1-3ubuntu4.13+esm2 |
| esm-infra/bionic | not-affected | 2.9.4+dfsg1-6.1ubuntu1.4 |
| esm-infra/focal | not-affected | 2.9.10+dfsg-5ubuntu0.20.04.1 |
| esm-infra/xenial | released | 2.9.3+dfsg1-1ubuntu0.7+esm1 |
| focal | released | 2.9.10+dfsg-5ubuntu0.20.04.1 |
| groovy | released | 2.9.10+dfsg-5ubuntu0.20.10.2 |
| hirsute | released | 2.9.10+dfsg-6.3ubuntu0.1 |
| impish | not-affected | 2.9.10+dfsg-6.7 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3
Связанные уязвимости
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
A vulnerability found in libxml2 in versions before 2.9.11 shows that ...
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing
EPSS
4.3 Medium
CVSS2
5.9 Medium
CVSS3