ID CVE-2017-5969
Summary ** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
References
Vulnerable Configurations
  • XMLSoft Libxml2 2.9.4
    cpe:2.3:a:xmlsoft:libxml2:2.9.4
CVSS
Base: 2.6 (as of 17-04-2017 - 12:24)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-A3A47973EB.NASL
    description Update to latest upstream release, includes several security related fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2017-04-20
    plugin id 99491
    published 2017-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99491
    title Fedora 25 : libxml2 (2017-a3a47973eb)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-754.NASL
    description This update for libxml2 fixes the following issues : Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2018-09-01
    modified 2018-01-26
    plugin id 101189
    published 2017-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101189
    title openSUSE Security Update : libxml2 (openSUSE-2017-754)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1670-1.NASL
    description This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-02
    plugin id 101056
    published 2017-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101056
    title SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1670-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-BE8574D593.NASL
    description Update to latest upstream release, includes several security related fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2017-04-20
    plugin id 99492
    published 2017-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99492
    title Fedora 24 : libxml2 (2017-be8574d593)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201711-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted XML document, could remotely execute arbitrary code, conduct XML External Entity (XXE) attacks, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2018-09-01
    modified 2018-03-27
    plugin id 104492
    published 2017-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=104492
    title GLSA-201711-01 : libxml2: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1813-1.NASL
    description This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) - CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894) - CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-09-01
    modified 2018-08-02
    plugin id 101351
    published 2017-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101351
    title SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0039.NASL
    description An update of [cairo,openvswitch,libxml2,go] packages for PhotonOS has been released.
    last seen 2018-09-02
    modified 2018-08-17
    plugin id 111888
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111888
    title Photon OS 1.0: Cairo / Go / Libxml2 / Openvswitch PHSA-2017-0039
refmap via4
bid 96188
gentoo GLSA-201711-01
misc https://bugzilla.gnome.org/show_bug.cgi?id=778519
mlist
  • [oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)
  • [oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)
Last major update 18-04-2017 - 11:58
Published 11-04-2017 - 12:59
Last modified 10-11-2017 - 21:29
Back to Top