CVE-2017-5969

CWE-476 — NULL Pointer Dereference12 documents9 sources

Severity

4.7MEDIUM

EPSS

2.9%

top 13.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2

Timeline

PublishedApr 11

Latest updateMay 13

Description

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages2 packages

▶Debianlibxml2< 2.9.4+dfsg1-5.1+3

▶NVDxmlsoft/libxml22.9.4

🔴Vulnerability Details

GHSA

GHSA-fh2x-v9fw-7v49: ** DISPUTED ** libxml2 2↗2022-05-13

▶

CVEList

CVE-2017-5969: libxml2 2↗2017-04-11

▶

OSV

CVE-2017-5969: libxml2 2↗2017-04-11

▶

📋Vendor Advisories

Apple

CVE-2017-5969: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan↗2017-10-31

▶

Debian

CVE-2017-5969: libxml2 - libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a den...↗2017

▶

Red Hat

libxml2: Null pointer dereference in xmlSaveDoc implementation↗2016-11-05

▶

💬Community

HackerOne

CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference)↗2019-10-04

▶

Bugzilla

CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]↗2017-02-14

▶

Bugzilla

CVE-2017-5969 libxml2: Null pointer dereference in xmlSaveDoc implementation↗2017-02-14

▶

Bugzilla

CVE-2017-5969 mingw-libxml2: libxml2: Null pointer dereference in xmlSaveDoc implementation [fedora-all]↗2017-02-14

▶

Bugzilla

CVE-2017-5969 mingw-libxml2: libxml2: Null pointer dereference in xmlSaveDoc implementation [epel-7]↗2017-02-14

▶