CVE-2017-9050

CWE-125Out-of-bounds ReadCWE-122Heap-based Buffer Overflow20 documents9 sources
Severity
7.5HIGH
EPSS
0.3%
top 45.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Xmlsoft Libxml2
Timeline
PublishedMay 18
Latest updateDec 13

Description

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianlibxml2< 2.9.4+dfsg1-3.1+3
NVDxmlsoft/libxml22.9.4
RubyGemsnokogiri< 1.8.1

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

4
OSV
Out-of-bounds read in nokogiri2017-12-13
GHSA
Out-of-bounds read in nokogiri2017-12-13
CVEList
CVE-2017-9050: libxml2 20904-GITv22017-05-18
OSV
CVE-2017-9050: libxml2 20904-GITv22017-05-18

📋Vendor Advisories

11
Apple
CVE-2017-9050: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan2017-10-31
Ubuntu
libxml2 vulnerabilities2017-10-10
Apple
CVE-2017-9050: macOS High Sierra 10.132017-09-25
Apple
CVE-2017-9050: iCloud for Windows 7.02017-09-25
Apple
CVE-2017-9050: iOS 112017-09-19

💬Community

4
Bugzilla
CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 mingw-libxml2: various flaws [fedora-all]2017-05-19
Bugzilla
CVE-2017-9047 CVE-2017-9048 CVE-2017-9049 CVE-2017-9050 libxml2: various flaws [fedora-all]2017-05-19
Bugzilla
CVE-2017-9050 libxml2: Heap-based buffer over-read in function xmlDictAddString2017-05-19
Bugzilla
CVE-2017-9049 libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey2017-05-19
CVE-2017-9050 (HIGH CVSS 7.5) | libxml2 20904-GITv2.9.4-16-g0741801 | cvebase.io