CVE-2017-9049

CWE-125 Out-of-bounds Read | 18 documents | 9 sources
Severity: 7.5 HIGH
EPSS: 0.5% (top 36.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 18
Latest update: May 13

Description

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

Debian: libxml2 < 2.9.4+dfsg1-3.1+3
NVD: xmlsoft/libxml2 2.9.4

🔴 Vulnerability Details (3)

GHSA: GHSA-rv68-c8wr-h3m5: libxml2 20904-GITv2 (2022-05-13)
OSV: CVE-2017-9049: libxml2 20904-GITv2 (2017-05-18)
CVEList: CVE-2017-9049: libxml2 20904-GITv2 (2017-05-18)

📋 Vendor Advisories (11)

Apple: CVE-2017-9049: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan (2017-10-31)
Ubuntu: libxml2 vulnerabilities (2017-10-10)
Apple: CVE-2017-9049: macOS High Sierra 10.13 (2017-09-25)
Apple: CVE-2017-9049: iCloud for Windows 7.0 (2017-09-25)
Apple: CVE-2017-9049: iOS 11 (2017-09-19)

💬 Community (3)

Bugzilla: CVE-2017-9049 libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey (2017-05-19)
Bugzilla: CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 mingw-libxml2: various flaws [fedora-all] (2017-05-19)
Bugzilla: CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 libxml2: various flaws [fedora-all] (2017-05-19)