FreeBSDD71DA236-9A94-11DD-8F42-001C2514716Clibxml2 -- two vulnerabilities
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.944 High
EPSS
Percentile
99.2%
Secunia reports:
Two vulnerabilities have been reported in Libxml2, which can be
exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise an application using the library.
- A recursion error exists when processing certain XML content.
This can be exploited to e.g. exhaust all available memory and CPU
resources by tricking an application using Libxml2 into processing
specially crafted XML documents. - A boundary error in the processing of long XML entity names
in parser.c can be exploited to cause a heap-based buffer overflow
when specially crafted XML content is parsed.
Successful exploitation may allow execution of arbitrary code.
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.944 High
EPSS
Percentile
99.2%