cbcvebase.
CVE-2017-9047
published 2017-05-18

CVE-2017-9047: A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the…

PriorityP339high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
3.19%
86.5th percentile
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

Affected

21 ranges
VendorProductVersion rangeFixed in
debianlibxml2< libxml2 2.9.4+dfsg1-3.1 (bookworm)libxml2 2.9.4+dfsg1-3.1 (bookworm)
debianlibxml2< libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)
msrcazl3_libxml2_2.11.5-4_on_azure_linux_3.0
msrcazl3_libxml2_2.11.5-5_on_azure_linux_3.0
msrccbl2_libxml2_2.10.4-6_on_cbl_mariner_2.0
netappontap
xmlsoftlibxml2< 2.12.102.12.10
xmlsoftlibxml2< 2.12.102.12.10
xmlsoftlibxml2
xmlsoftlibxml2>= 0 < 2.9.4+dfsg1-3.12.9.4+dfsg1-3.1
xmlsoftlibxml2>= 0 < 2.9.10+dfsg-6.7+deb11u62.9.10+dfsg-6.7+deb11u6
xmlsoftlibxml2>= 0 < 2.9.4+dfsg1-3.12.9.4+dfsg1-3.1
xmlsoftlibxml2>= 0 < 2.9.14+dfsg-1.3~deb12u22.9.14+dfsg-1.3~deb12u2
xmlsoftlibxml2>= 0 < 2.9.4+dfsg1-3.12.9.4+dfsg1-3.1
xmlsoftlibxml2>= 0 < 2.12.7+dfsg+really2.9.14-0.42.12.7+dfsg+really2.9.14-0.4
xmlsoftlibxml2>= 0 < 2.9.4+dfsg1-3.12.9.4+dfsg1-3.1
xmlsoftlibxml2>= 0 < 2.12.7+dfsg+really2.9.14-0.42.12.7+dfsg+really2.9.14-0.4
xmlsoftlibxml2>= 0 < 2.9.1+dfsg1-3ubuntu4.102.9.1+dfsg1-3ubuntu4.10
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1ubuntu0.32.9.3+dfsg1-1ubuntu0.3
xmlsoftlibxml2>= 2.13.0 < 2.13.62.13.6
xmlsoftlibxml2>= 2.13.0 < 2.13.62.13.6

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.8HIGH
vendor_msrc7.8HIGH
vendor_ubuntu7.8HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.