CVE-2017-5969

Published: 11/04/2017 Updated: 17/05/2024
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1
VMScore: 232
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

libxml2 2.9.4, when used in recover mode, allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."

Vulnerable Product

xmlsoft libxml2 2.9.4

Vendor Advisories

Debian Bug report logs - #880000 libxml2: CVE-2017-5130 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 28 Oct 2017 08:03:04 UTC Severity: important Tags: patch, security, upstrea ...
Debian Bug report logs - #855001 CVE-2017-5969: libxml2: null pointer dereference when parsing a xml file using recover mode Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2 (PTS, buildd, popcon) Reported by: Henri Salo <hen ...
A NULL pointer dereference was discovered in libxml2, when using xmllint --recover. A maliciously crafted file, when parsed in recovery mode, could cause the application to crash ...

Github Repositories

SoK: Automated Vulnerability Repair. The benchmark dataset Vul4C and framework for automated vulnerability repair in C/C++. 1 Benchmark Dataset Vul4C: Our benchmark dataset Vul4C contains 140 vulnerabilities over 19 CWE types and 23 software. Here is the statistics of Vul4C: CWE Type Total Singl
