The MITRE CVE dictionary describes this issue as:
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.
Find out more about CVE-2017-9049 from the MITRE CVE dictionary and NIST NVD.

CVSS3 Base Score | 6.5 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity Impact | None |
Availability Impact | High |

Platform | Errata | Release Date |
---|---|---|
Red Hat JBoss Core Services 1 | RHSA-2018:2486 | 2018-08-16 |

Platform | Package | State |
---|---|---|
Red Hat JBoss Web Server 3.0 | libxml2 | Will not fix |
Red Hat Enterprise Linux 7 | libxml2 | Will not fix |
Red Hat Enterprise Linux 6 | libxml2 | Will not fix |
Red Hat Enterprise Linux 5 | libxml2 | Will not fix |