Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
archlinuxArchLinuxASA-201810-3
HistoryOct 01, 2018 - 12:00 a.m.

[ASA-201810-3] libxml2: denial of service

2018-10-0100:00:00
security.archlinux.org
11

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON

Arch Linux Security Advisory ASA-201810-3

Severity: Medium
Date : 2018-10-01
CVE-ID : CVE-2018-9251
Package : libxml2
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-672

Summary

The package libxml2 before version 2.9.8-5 is vulnerable to denial of
service.

Resolution

Upgrade to 2.9.8-5.

pacman -Syu “libxml2>=2.9.8-5”

The problem has been fixed upstream but no release is available yet.

Workaround

None.

Description

A security issue has been found in libxml2 <= 2.9.8 compiled with LZMA
support enabled, in the xz_decomp function in xzlib.c. This flaw allows
a remote attacker to cause a denial of service via an infinite loop,
using a crafted XML payload that triggers LZMA_MEMLIMIT_ERROR.

Impact

A remote attacker is able to cause a denial of service by parsing a
specially crafted XML payload.

References

https://bugzilla.gnome.org/show_bug.cgi?id=794914
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
https://security.archlinux.org/CVE-2018-9251

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanylibxml2< 2.9.8-5UNKNOWN

Related

veracode 1
nessus 26
archlinux 1
oraclelinux 1
openvas 10
fedora 2
alpinelinux 2
cve 2
ubuntucve 3
debiancve 2
prion 2
redhatcve 2
redhat 3
mageia 1
suse 2
debian 1
ibm 1
amazon 2
f5 1
altlinux 2
photon 2
osv 2
kitploit 1
tenable 1
ics 1
veracode
veracode
Denial Of Service (DoS)
2020-04-29 02:42:19
nessus
nessus
Photon OS 3.0: Libxml2 PHSA-2019-3.0-0024
2019-08-26 00:00:00
RHEL 8 : libxml2 (RHSA-2020:1827)
2020-11-18 00:00:00
Fedora 27 : libxml2 (2018-e198cf4a64)
2018-08-10 00:00:00
archlinux
archlinux
[ASA-201810-4] lib32-libxml2: denial of service
2018-10-01 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2020-05-05 00:00:00
openvas
openvas
Fedora Update for libxml2 FEDORA-2018-3b782350ff
2018-08-07 00:00:00
Fedora Update for libxml2 FEDORA-2018-e198cf4a64
2018-08-10 00:00:00
openSUSE: Security Advisory for libxml2 (openSUSE-SU-2018:3110-1)
2018-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: libxml2-2.9.8-4.fc28
2018-08-07 01:20:06
[SECURITY] Fedora 27 Update: libxml2-2.9.8-4.fc27
2018-08-09 16:53:03
alpinelinux
alpinelinux
CVE-2018-9251
2018-04-04 02:29:00
CVE-2018-14567
2018-08-16 20:29:00
cve
cve
CVE-2018-9251
2018-04-04 02:29:00
CVE-2018-14567
2018-08-16 20:29:00
ubuntucve
ubuntucve
CVE-2017-18258
2018-04-08 00:00:00
CVE-2018-9251
2018-04-04 00:00:00
CVE-2018-14567
2018-07-31 00:00:00
debiancve
debiancve
CVE-2018-9251
2018-04-04 02:29:00
CVE-2018-14567
2018-08-16 20:29:00
prion
prion
Design/Logic Flaw
2018-04-04 02:29:00
Design/Logic Flaw
2018-08-16 20:29:00
redhatcve
redhatcve
CVE-2018-9251
2018-04-09 20:20:56
CVE-2018-14567
2018-08-22 02:19:05
redhat
redhat
(RHSA-2020:1827) Moderate: libxml2 security update
2020-04-28 09:20:58
(RHSA-2020:3194) Important: Container-native Virtualization security, bug fix, and enhancement update
2020-07-28 18:02:45
(RHSA-2020:4298) Moderate: OpenShift Container Platform 4.6.1 image security update
2020-10-27 14:57:54
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2019-01-23 18:50:09
suse
suse
Security update for libxml2 (moderate)
2018-10-12 12:12:16
Security update for libxml2 (moderate)
2018-10-12 12:10:07
debian
debian
[SECURITY] [DLA 1524-1] libxml2 security update
2018-09-27 20:04:03
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local
2019-12-18 18:01:21
amazon
amazon
Important: libxml2
2020-07-21 16:34:00
Important: libxml2
2020-08-10 22:59:00
f5
f5
K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567
2022-02-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1
2019-05-22 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0024
2019-07-31 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0024
2019-07-29 00:00:00
osv
osv
CVE-2018-9251
2018-04-04 02:29:00
CVE-2018-14567
2018-08-16 20:29:02
kitploit
kitploit
Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
2019-11-05 12:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON
Related for ASA-201810-3
veracode1nessus26archlinux1oraclelinux1openvas10fedora2alpinelinux2cve2ubuntucve3debiancve2prion2redhatcve2redhat3mageia1suse2debian1ibm1amazon2f51altlinux2photon2osv2kitploit1tenable1ics1