CVE-2018-9251
published 2018-04-04CVE-2018-9251: The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted…
PriorityP423medium5.3CVSS 3.0
AVNACHPRNUIRSUCNINAH
EPSS
2.44%
82.3th percentile
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
Affected
30 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.10+dfsg-2 (bookworm) | libxml2 2.9.10+dfsg-2 (bookworm) |
| debian | libxml2 | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
| xmlsoft | libxml2 | >= 0 < 2.9.8-r1 | 2.9.8-r1 |
CVSS provenance
nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:N/A:P
osv2.6LOW
vendor_debian2.6LOW
vendor_redhat2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4h39-8h6h-93x3: libxml2 2
ghsa_unreviewed·2022-05-13·CVSS 2.6
CVE-2018-14567 [LOW] CWE-835 GHSA-4h39-8h6h-93x3: libxml2 2
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
GHSA
GHSA-qvh5-3xv2-rf6p: The xz_decomp function in xzlib
ghsa_unreviewed·2022-05-13·CVSS 2.6
CVE-2018-9251 [LOW] CWE-835 GHSA-qvh5-3xv2-rf6p: The xz_decomp function in xzlib
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
OSV
CVE-2018-14567: libxml2 2
osv·2018-08-16·CVSS 2.6
CVE-2018-14567 [LOW] CVE-2018-14567: libxml2 2
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
OSV
CVE-2018-9251: The xz_decomp function in xzlib
osv·2018-04-04·CVSS 2.6
CVE-2018-9251 [LOW] CVE-2018-9251: The xz_decomp function in xzlib
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Red Hat
libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
vendor_redhat·2018-04-03·CVSS 2.6
CVE-2018-14567 [LOW] CWE-400 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Statement: Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.
Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 8) - Not affected
Package: mingw-libxml2 (Red Hat Enterprise Linux 8) - Not affected
Package: libxml2 (Red Hat JBoss Core Services) - Not affected
Package: libxml2 (R
Red Hat
libxml2: infinite loop in xz_decomp function in xzlib.c
vendor_redhat·2018-04-03·CVSS 2.6
CVE-2018-9251 [LOW] CWE-835 libxml2: infinite loop in xz_decomp function in xzlib.c
libxml2: infinite loop in xz_decomp function in xzlib.c
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
Statement: This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 7) - Not affected
Package: libxml2 (Red Hat JBoss Core Services) - Not affected
Package: libxml2 (Red Hat JBoss Web Server 3) - Not affected
Debian
CVE-2018-9251: libxml2 - The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allo...
vendor_debian·2018·CVSS 2.6
CVE-2018-9251 [LOW] CVE-2018-9251: libxml2 - The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allo...
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2018-14567: libxml2 - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial...
vendor_debian·2018·CVSS 2.6
CVE-2018-14567 [LOW] CVE-2018-14567: libxml2 - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial...
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Scope: local
bookworm: resolved (fixed in 2.9.10+dfsg-2)
bullseye: resolved (fixed in 2.9.10+dfsg-2)
forky: resolved (fixed in 2.9.10+dfsg-2)
sid: resolved (fixed in 2.9.10+dfsg-2)
trixie: resolved (fixed in 2.9.10+dfsg-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
bugzilla·2018-08-22·CVSS 2.6
CVE-2018-14567 [LOW] CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Upstream Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
Discussion:
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1619878]
Created mingw-libxml2 tracking bugs for this issue:
Affects: epel-7 [bug 1619880]
Affects: fedora-all [bug 1619879]
---
RHEL5/6 use a libxml2 version released before it had LZMA support.
---
Statement:
Red Hat Product Security has r
Bugzilla
CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c
bugzilla·2018-04-09·CVSS 2.6
CVE-2018-9251 [LOW] CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c
CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c
A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
Reference:
https://bugzilla.gnome.org/show_bug.cgi?id=794914
Discussion:
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1565320]
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1565321]
Created mingw-libxml2 tracking bugs for this issue:
Affects: epel-7 [bug 1565319]
---
Statement:
This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise
Bugzilla
CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c [fedora-all]
bugzilla·2018-04-09·CVSS 5.3
CVE-2018-9251 [MEDIUM] CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c [fedora-all]
CVE-2018-9251 libxml2: infinite loop in xz_decomp function in xzlib.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ver
Bugzilla
CVE-2018-9251 mingw-libxml2: libxml2: infinite loop in xz_decomp function in xzlib.c [fedora-all]
bugzilla·2018-04-09·CVSS 5.3
CVE-2018-9251 [MEDIUM] CVE-2018-9251 mingw-libxml2: libxml2: infinite loop in xz_decomp function in xzlib.c [fedora-all]
CVE-2018-9251 mingw-libxml2: libxml2: infinite loop in xz_decomp function in xzlib.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multipl
Bugzilla
CVE-2018-9251 mingw-libxml2: libxml2: infinite loop in xz_decomp function in xzlib.c [epel-7]
bugzilla·2018-04-09·CVSS 5.3
CVE-2018-9251 [MEDIUM] CVE-2018-9251 mingw-libxml2: libxml2: infinite loop in xz_decomp function in xzlib.c [epel-7]
CVE-2018-9251 mingw-libxml2: libxml2: infinite loop in xz_decomp function in xzlib.c [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template
2018-04-04
Published