CVE-2017-5969
Published 2017-04-11
Priority · P4 · 19 · medium · 4.7 · CVSS 3.0
AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 2.63% (83.6th percentile)
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_high_sierra_10.13.1_security_update_2017-001_sierra_and_security_update_20 | — | — |
| debian | libxml2 | < libxml2 2.9.4+dfsg1-5.1 (bookworm) | libxml2 2.9.4+dfsg1-5.1 (bookworm) |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.1 | 2.9.4+dfsg1-5.1 |
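CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.7 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| osv | — | 4.7 | MEDIUM | — |
| vendor_debian | — | 4.7 | MEDIUM | — |
| vendor_redhat | — | 4.7 | MEDIUM | — |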
Apple
CVE-2017-5969: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
vendor_apple·2017-10-31·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
Product: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
CVE: CVE-2017-5969
Component: Kernel
Impact: A malicious application may be able to learn information about the presence and operation of other applications on the device.
Description: An application was able to access process information maintained by the operating system unrestricted. This issue was addressed with rate limiting.
Debian
CVE-2017-5969: libxml2 - libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a den...
vendor_debian·2017·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969: libxml2 - libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a den...
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
Scope: local
bookworm: resolved (fixed in 2.9.4+dfsg1-5.1)
bullseye: resolved (fixed in 2.9.4+dfsg1-5.1)
forky: resolved (fixed in 2.9.4+dfsg1-5.1)
sid: resolved (fixed in 2.9.4+dfsg1-5.1)
trixie: resolved (fixed in 2.9.4+dfsg1-5.1)
Red Hat
libxml2: Null pointer dereference in xmlSaveDoc implementation
vendor_redhat·2016-11-05·CVSS 4.7
CVE-2017-5969 [MEDIUM] CWE-476 libxml2: Null pointer dereference in xmlSaveDoc implementation
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
A NULL pointer dereference was discovered in libxml2, when using xmllint --recover. A maliciously crafted file, when parsed in recovery mode, could cause the application to crash.
Statement: Recovery mode is not intended for use with untrusted input. Users invoking xmllint --recover may experience a crash, but applications processing documents from possibly malicious sources should not be exposed to this flaw.
Package: li
GHSA
GHSA-fh2x-v9fw-7v49: ** DISPUTED ** libxml2 2
ghsa_unreviewed·2022-05-13
CVE-2017-5969 [MEDIUM] CWE-476 GHSA-fh2x-v9fw-7v49: ** DISPUTED ** libxml2 2
** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
OSV
CVE-2017-5969: libxml2 2
osv·2017-04-11·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969: libxml2 2
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
No detection rules found.
No public exploits indexed.
HackerOne
CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference)
hackerone·2019-10-04·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference)
I first reported this bug to the developers on [20 November 2015](https://bugzilla.gnome.org/show_bug.cgi?id=758422). A patch was finally committed on 7 June 2017 [here](https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882). The caveat here is that this only happens in recover mode which the developers say no sane person should ever use in production and/or against untrusted inputs. A CVE was assigned in April 2017.
The original crash involved some memory corruption which led to a null pointer dereference and subsequent segfault after running `./xmllint --recover` against XML similar to ``.
```
test00.xml:1: parser error :
```
Bugzilla
CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]
bugzilla·2017-02-14·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple suppor
Bugzilla
CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation
bugzilla·2017-02-14·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation
A vulnerability was found in libxml2. A maliciously crafted file could cause the application to crash, due to the xmlSaveDoc functionality not being safe.
References:
https://bugzilla.gnome.org/show_bug.cgi?id=778519
http://seclists.org/oss-sec/2017/q1/415
Discussion:
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1421998]
Created mingw-libxml2 tracking bugs for this issue:
Affects: epel-7 [bug 1421999]
Affects: fedora-all [bug 1421997]
---
Statement:
Recovery mode is not intended for use with untrusted input. Users invoking xmllint --recover may experience a crash, but applications processing documents from possibly malicious sources should not be exposed to this flaw.
Bugzilla
CVE-2017-5969 mingw-libxml2: libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]
bugzilla·2017-02-14·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969 mingw-libxml2: libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects
Bugzilla
CVE-2017-5969 mingw-libxml2: libxml2: Null pointer dereference in xmlSaveDoc implementation [epel-7]
bugzilla·2017-02-14·CVSS 4.7
CVE-2017-5969 [MEDIUM] CVE-2017-5969 mingw-libxml2: libxml2: Null pointer dereference in xmlSaveDoc implementation [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
All mingw-* EPEL 7 c
http://www.openwall.com/lists/oss-security/2016/11/05/3
http://www.openwall.com/lists/oss-security/2017/02/13/1
http://www.securityfocus.com/bid/96188
https://bugzilla.gnome.org/show_bug.cgi?id=778519
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://security.gentoo.org/glsa/201711-01
Published: 2017-04-11