The vulnerability in the implementation of the xmlSnprintfElementContent() function in the libxml2 library allows a attacker to cause a service failure.

🗓️ 24 Dec 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 5 Views

Libxml2 xmlSnprintfElementContent flaw allows remote service failure by escaping beyond buffer bounds.

Reporter	Title	Published	Views	Family All 136
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence Server 2017Q4 Security Updater: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.	15 Jun 201823:47	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Cognos Analytics	15 Jun 201823:51	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM)	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libxml2 may affect IBM Storage Archive	26 Aug 202522:21	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Streams may be affected by XMLsoft Libxml2 vulnerabilities	16 Jun 201814:17	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows	31 Jan 201902:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	26 Apr 202514:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to denial of service due to CVE-2017-9047, CVE-2017-9048, CVE-2017-9049 and CVE-2017-9050	7 Nov 202216:07	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by Open Source libxml2 vulnerabilities	19 Jun 202518:09	–	ibm

Vulners

Node

ibm security_guardiumMatch10.0

OR

ibm security_guardiumMatch10.0.1

OR

ibm security_guardiumMatch10.1

OR

ibm security_guardiumMatch10.1.2

OR

red_hat jboss_core_servicesMatch1

OR

ibm app_connect_enterprise_certified_containerMatch4.1

OR

ibm app_connect_enterprise_certified_containerMatch4.2

OR

ibm app_connect_enterprise_certified_containerMatch5.0-lts

OR

ibm app_connect_enterprise_certified_containerMatch5.1

OR

ibm app_connect_enterprise_certified_containerMatch5.2

OR

ibm app_connect_enterprise_certified_containerMatch6.0

OR

ibm cognos_analyticsRange<11.0.10.0

OR

intel manycore_platform_software_stack_(mpss)Range<3.8.3

OR

ibm security_guardiumMatch10.1.3

OR

canonical ubuntuMatch17.04

OR

red_hat red_hat_enterprise_linuxMatch8

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
gitlab	www.gitlab.gnome.org/GNOME/libxml2/-/commit/932cc9896ab
access	www.access.redhat.com/security/cve/cve-2017-9047
security-tracker	www.security-tracker.debian.org/tracker/CVE-2017-9047
ubuntu	www.ubuntu.com/security/notices/USN-3424-1
ubuntu	www.ubuntu.com/security/notices/USN-3424-2
ibm	www.ibm.com/support/pages/node/6837647
ibm	www.ibm.com/support/pages/node/567705
ibm	www.ibm.com/support/pages/node/868882
ibm	www.ibm.com/support/pages/node/295723

24 Dec 2022 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 37.5

CVSS 27.8

EPSS0.03185

libxml2 xmlSnprintfElementContent buffer overflow remote execution