CVE-2017-5969
published 2017-04-11


Priority: P4 (19)
CVSS 3.0: 4.7 (medium), vector AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 2.63% (83.6th percentile)
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
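The practical exposure question for this entry is whether untrusted XML is ever parsed with recover mode enabled (XML_PARSE_RECOVER in the C API, and the equivalent switch in the common bindings), since the maintainer's position is that the option is meant for manual recovery rather than production parsing of attacker-controlled input. The following scanner is an added example, not code from the advisory, from libxml2 or from any project listed above; the sample source files are constructed for the example, and the pattern list for the bindings (lxml, Nokogiri, xmllint) is an assumption of the example and is not exhaustive.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample source files (not from any real project). Each shows
# recover mode being enabled in one libxml2 binding, or a safe counterpart.
SAMPLE_FILES: Dict[str, str] = {
    "ingest.c": """
    xmlDocPtr doc = xmlReadMemory(buf, len, "upload.xml", NULL,
                                  XML_PARSE_NOENT | XML_PARSE_RECOVER);
    """,
    "safe.c": """
    xmlDocPtr doc = xmlReadMemory(buf, len, "upload.xml", NULL, XML_PARSE_NONET);
    """,
    "feed.py": """
    parser = etree.XMLParser(recover=True, resolve_entities=False)
    tree = etree.fromstring(data, parser)
    """,
    "feed_safe.py": """
    parser = etree.XMLParser(recover=False, resolve_entities=False)
    """,
    "import.rb": """
    doc = Nokogiri::XML(data) { |cfg| cfg.recover }
    """,
    "deploy.sh": """
    xmllint --recover --noout "$f"
    """,
}

# Patterns that indicate libxml2 recover mode. The C constant is libxml2's own;
# the binding-specific spellings are assumptions of this example, so extend the
# list for the languages and wrappers in your own code base.
RECOVER_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("libxml2 C API", re.compile(r"\bXML_PARSE_RECOVER\b")),
    ("xmllint", re.compile(r"\bxmllint\b[^\n]*--recover\b")),
    ("lxml", re.compile(r"\brecover\s*=\s*True\b")),
    ("Nokogiri", re.compile(r"\.recover\b|ParseOptions::RECOVER\b")),
]


def find_recover_mode(files: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """Return (filename, line number, binding) for every line enabling recover mode.

    Each line is reported at most once, under the first pattern that matches it.
    """
    hits: List[Tuple[str, int, str]] = []
    for name, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for label, pattern in RECOVER_PATTERNS:
                if pattern.search(line):
                    hits.append((name, lineno, label))
                    break
    return hits


if __name__ == "__main__":
    for filename, lineno, label in find_recover_mode(SAMPLE_FILES):
        print(f"{filename}:{lineno}: recover mode enabled ({label})")
```

Run it over the real tree by replacing SAMPLE_FILES with a dict built from the files you want to audit. A hit on a code path that parses network or user-supplied input is the finding; the remediation for the C API is simply to drop XML_PARSE_RECOVER from the option mask passed to xmlReadMemory or xmlReadFile and let malformed documents fail, which is the behaviour the maintainer's note above assumes.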

Affected

7 ranges

Vendor | Product | Version range | Fixed in
apple | macos_high_sierra_10.13.1_security_update_2017-001_sierra_and_security_update_20 | - | -
debian | libxml2 | < libxml2 2.9.4+dfsg1-5.1 (bookworm) | libxml2 2.9.4+dfsg1-5.1 (bookworm)
xmlsoft | libxml2 | - | -
xmlsoft | libxml2 | >= 0, < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1
xmlsoft | libxml2 | >= 0, < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1
xmlsoft | libxml2 | >= 0, < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1
xmlsoft | libxml2 | >= 0, < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.0 | 4.7 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:N/A:P
osv | - | 4.7 | MEDIUM | -
vendor_debian | - | 4.7 | MEDIUM | -
vendor_redhat | - | 4.7 | MEDIUM | -