CVE-2018-14567
Severity
6.5MEDIUM
EPSS
0.7%
top 28.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 16
Latest updateMay 13
Description
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages2 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 14.04, 16.04, 18.04
Patches
🔴Vulnerability Details
4📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression↗2018-08-22
Bugzilla▶
CVE-2018-14567 libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file [fedora-all]↗2018-08-22
Bugzilla▶
CVE-2018-14567 mingw-libxml2: libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file [fedora-all]↗2018-08-22
Bugzilla▶
CVE-2018-14567 mingw-libxml2: libxml2: Infinite loop when --with-lzma is used allows for denial of service via crafted XML file [epel-7]↗2018-08-22
Bugzilla
▶