CVE-2017-16931
Published 2017-11-23
Priority P344 · critical · 9.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 4.45% (90.2th percentile)
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.9.4+dfsg1-3.1 (bookworm) | libxml2 2.9.4+dfsg1-3.1 (bookworm) |
| xmlsoft | libxml2 | <= 2.9.4 | — |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
CVSS provenance
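| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_oracle | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |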
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
ICS Advisory
Release Date: December 14, 2023
Alert Code: ICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Oracle
Oracle Oracle Systems Risk Matrix: XCP Firmware (libxml2) — CVE-2017-16931
vendor_oracle·2021-07-15·CVSS 9.8
CVE-2017-16931 [CRITICAL] Oracle Oracle Systems Risk Matrix: XCP Firmware (libxml2) — CVE-2017-16931
Oracle Oracle Systems Risk Matrix: XCP Firmware (libxml2) vulnerability
CVE: CVE-2017-16931
CVSS: 9.8
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujul2021 (JUL 2021)
Red Hat
libxml2: Mishandling parameter-entity references
vendor_redhat·2017-06-05·CVSS 9.8
CVE-2017-16931 [CRITICAL] CWE-776 libxml2: Mishandling parameter-entity references
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Statement: This issue affects the versions of rubygem-nokogiri as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue affects the versions of libxml2 as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Moderate security impact. This issu
Debian
CVE-2017-16931: libxml2 - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because ...
vendor_debian·2017·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931: libxml2 - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because ...
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Scope: local
bookworm: resolved (fixed in 2.9.4+dfsg1-3.1)
bullseye: resolved (fixed in 2.9.4+dfsg1-3.1)
forky: resolved (fixed in 2.9.4+dfsg1-3.1)
sid: resolved (fixed in 2.9.4+dfsg1-3.1)
trixie: resolved (fixed in 2.9.4+dfsg1-3.1)
GHSA
GHSA-7mr2-r9fx-7j9m: parser
ghsa_unreviewed·2022-05-13
CVE-2017-16931 [CRITICAL] CWE-119 GHSA-7mr2-r9fx-7j9m: parser
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
OSV
CVE-2017-16931: parser
osv·2017-11-23·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931: parser
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
No detection rules found.
No public exploits indexed.
HackerOne
Multiple issues in Libxml2 (2.9.2 - 2.9.5)
hackerone·2019-10-14·CVSS 4.3
[MEDIUM] Multiple issues in Libxml2 (2.9.2 - 2.9.5)
Libxml2 is the XML C parser and toolkit developed for the Gnome project. Due to its flexible C implementation and continuous development, Libxml2 is known to be very portable, the library builds and works on a variety of systems (Linux, Unix, Windows, CygWin, MacOS, MacOS X, RISC Os, OS/2, VMS, QNX, MVS, VxWorks, ...). It is or has been adopted by many major vendors or products including Google (Chrome), VMWare, Apple (Safari, Mac OSX, iOS, ...), and many embedded systems. As in the [Google Patch Rewards](https://www.google.com.sg/about/appsecurity/patch-rewards), Libxml2 is listed in the category of core infrastructure data parsers.
From 2015-2016, our fuzzing work on Libxml2 has systematically identified a sequence of bugs including use-after
Bugzilla
CVE-2017-16931 mingw-libxml2: libxml2: Mishandling parameter-entity references [fedora-all]
bugzilla·2017-11-24·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931 mingw-libxml2: libxml2: Mishandling parameter-entity references [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supp
Bugzilla
CVE-2017-16931 libxml2: Mishandling parameter-entity references
bugzilla·2017-11-24·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931 libxml2: Mishandling parameter-entity references
parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Upstream patch:
https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
Discussion:
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1517310]
Created mingw-libxml2 tracking bugs for this issue:
Affects: epel-7 [bug 1517309]
Affects: fedora-all [bug 1517313]
Created ruby193-rubygem-nokogiri tracking bugs for this issue:
Affects: openshift-1 [bug 1517314]
Created rubygem-nokogiri tracking bugs for this issue:
Affects: epel-all [bug 1517311]
Affects: fedora-all [bug 1517312]
---
Sta
Bugzilla
CVE-2017-16931 rubygem-nokogiri: libxml2: Mishandling parameter-entity references [epel-all]
bugzilla·2017-11-24·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931 rubygem-nokogiri: libxml2: Mishandling parameter-entity references [epel-all]
Bugzilla
CVE-2017-16931 mingw-libxml2: libxml2: Mishandling parameter-entity references [epel-7]
bugzilla·2017-11-24·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931 mingw-libxml2: libxml2: Mishandling parameter-entity references [epel-7]
Discussion:
Use the following template to for
Bugzilla
CVE-2017-16931 rubygem-nokogiri: libxml2: Mishandling parameter-entity references [fedora-all]
bugzilla·2017-11-24·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931 rubygem-nokogiri: libxml2: Mishandling parameter-entity references [fedora-all]
Bugzilla
CVE-2017-16931 libxml2: Mishandling parameter-entity references [fedora-all]
bugzilla·2017-11-24·CVSS 9.8
CVE-2017-16931 [CRITICAL] CVE-2017-16931 libxml2: Mishandling parameter-entity references [fedora-all]
http://xmlsoft.org/news.html
https://bugzilla.gnome.org/show_bug.cgi?id=766956
https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
https://www.oracle.com//security-alerts/cpujul2021.html
Published: 2017-11-23