CVE-2017-5969

Sažetak

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.

Reference

http://www.openwall.com/lists/oss-security/2016/11/05/3
http://www.openwall.com/lists/oss-security/2017/02/13/1
http://www.securityfocus.com/bid/96188
https://bugzilla.gnome.org/show_bug.cgi?id=778519
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://security.gentoo.org/glsa/201711-01

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

05-08-2024 - 16:15

Objavljeno

11-04-2017 - 16:59