CVE-2017-8872

CWE-125: Out-of-bounds Read | 12 documents | 8 sources
Severity: 9.1 CRITICAL
EPSS: 0.2% (top 60.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 10
Latest update: May 13

Description

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 | Impact: 5.2

Affected Packages (3 packages)

Debian: libxml2 < 2.9.4+dfsg1-6.1+3
Ubuntu: libxml2 < 2.9.4+dfsg1-6.1ubuntu1.4+3
NVD: xmlsoft/libxml2 2.9.4

🔴 Vulnerability Details (4)

GHSA: GHSA-8hvw-m45w-cr5x: The htmlParseTryOrFinish function in HTMLparser (2022-05-13)
OSV: libxml2 vulnerabilities (2021-06-17)
CVEList: CVE-2017-8872: The htmlParseTryOrFinish function in HTMLparser (2017-05-10)
OSV: CVE-2017-8872: The htmlParseTryOrFinish function in HTMLparser (2017-05-10)

📋 Vendor Advisories (3)

Ubuntu: libxml2 vulnerabilities (2021-06-17)
Debian: CVE-2017-8872: libxml2 - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attack... (2017)
Red Hat: libxml2: Out-of-bounds read in htmlParseTryOrFinish (2016-11-28)

💬 Community (4)

Bugzilla: CVE-2017-8872 libxml2: Out-of-bounds read in htmlParseTryOrFinish (2017-05-10)
Bugzilla: CVE-2017-8872 mingw-libxml2: libxml2: Out-of-bounds read in htmlParseTryOrFinish [epel-7] (2017-05-10)
Bugzilla: CVE-2017-8872 mingw-libxml2: libxml2: Out-of-bounds read in htmlParseTryOrFinish [fedora-all] (2017-05-10)
Bugzilla: CVE-2017-8872 libxml2: Out-of-bounds read in htmlParseTryOrFinish [fedora-all] (2017-05-10)