Published: 23/11/2017 Updated: 20/07/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

parser.c in libxml2 prior to 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
xmlsoft libxml2

parserc in libxml2 before 295 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name (CVE-2017-16931) GNOME project libxml2 v2910 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entitiesc The issue has been ...

xpointerc in libxml2 before 295 (as used in Apple iOS before 10, OS X before 1012, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document ( ...

Critical Infrastructure Sectors: Critical Manufacturing

CWE-119 https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 https://bugzilla.gnome.org/show_bug.cgi?id=766956 http://xmlsoft.org/news.html https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html https://www.oracle.com//security-alerts/cpujul2021.html https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2023-1743.html https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10

CVE-2017-16931

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect