ID |
CVE-2018-9251
|
Summary |
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 2.6 (as of 03-10-2019 - 00:03) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-835 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1595985 | title | CVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 8 is installed | oval | oval:com.redhat.rhba:tst:20193384074 |
OR | AND | comment | libxml2 is earlier than 0:2.9.7-7.el8 | oval | oval:com.redhat.rhsa:tst:20201827001 |
comment | libxml2 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20111749002 |
|
AND | comment | libxml2-debugsource is earlier than 0:2.9.7-7.el8 | oval | oval:com.redhat.rhsa:tst:20201827003 |
comment | libxml2-debugsource is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20201827004 |
|
AND | comment | libxml2-devel is earlier than 0:2.9.7-7.el8 | oval | oval:com.redhat.rhsa:tst:20201827005 |
comment | libxml2-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20111749004 |
|
AND | comment | python3-libxml2 is earlier than 0:2.9.7-7.el8 | oval | oval:com.redhat.rhsa:tst:20201827007 |
comment | python3-libxml2 is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20201827008 |
|
|
|
|
| rhsa | id | RHSA-2020:1827 | released | 2020-04-28 | severity | Moderate | title | RHSA-2020:1827: libxml2 security update (Moderate) |
|
| rpms | - libxml2-0:2.9.7-7.el8
- libxml2-debuginfo-0:2.9.7-7.el8
- libxml2-debugsource-0:2.9.7-7.el8
- libxml2-devel-0:2.9.7-7.el8
- python3-libxml2-0:2.9.7-7.el8
- python3-libxml2-debuginfo-0:2.9.7-7.el8
|
|
refmap
via4
|
|
Last major update |
03-10-2019 - 00:03 |
Published |
04-04-2018 - 02:29 |
Last modified |
03-10-2019 - 00:03 |