ID CVE-2017-5969
Summary libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 17-05-2024 - 01:19)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:P
refmap via4
bid 96188
gentoo GLSA-201711-01
misc https://bugzilla.gnome.org/show_bug.cgi?id=778519
mlist
  • [oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)
  • [oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)
Last major update 17-05-2024 - 01:19
Published 11-04-2017 - 16:59
Last modified 17-05-2024 - 01:19
Back to Top