CVE-2017-7376
Published 2018-02-19
CVE-2017-7376: Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Critical, 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Affected
26 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud_for_windows | — | — |
| apple | ios | — | — |
| apple | itunes_12.7_for_windows | — | — |
| apple | macos_high_sierra | — | — |
| apple | macos_high_sierra_10.13.1_security_update_2017-001_sierra_and_security_update_20 | — | — |
| apple | tvos | — | — |
| apple | watchos_4 | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.4+dfsg1-3.1 (bookworm) | libxml2 2.9.4+dfsg1-3.1 (bookworm) |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| xmlsoft | libxml2 | < 2.9.5 | 2.9.5 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.10 | 2.9.1+dfsg1-3ubuntu4.10 |
CVSS provenance
nvd: v3.0, 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL