PRION:CVE-2017-9048
May 18, 2017 - 6:29 a.m.

Stack overflow

PRIOn knowledge base (www.prio-n.com)
9

AI Score: 8
Confidence: High
EPSS: 0.003
Percentile: 69.1%

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer ‘buf’ of size ‘size’. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.
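The bug class described above, shown in its guarded form as an added example: this is not libxml2 code. The `struct node` model and the functions `append_checked` and `dump_content` are hypothetical, and the point is that the trailing suffix append passes through the same capacity check as every other write.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical, simplified content model: a leaf name or a sequence of
   children, followed by an occurrence suffix ("", "?", "*" or "+"). */
struct node {
    const char *name;            /* leaf name, or NULL for a sequence */
    const struct node *child;    /* first child of a sequence */
    const struct node *next;     /* next sibling */
    const char *suffix;          /* occurrence suffix, never NULL */
};

/* Append src only if it fits together with the terminating NUL.
   Assumes buf already holds a NUL-terminated string shorter than size.
   Returns 1 on success, 0 if the append would not fit. */
static int append_checked(char *buf, size_t size, const char *src) {
    size_t used = strlen(buf), need = strlen(src);
    if (size - used <= need)
        return 0;
    memcpy(buf + used, src, need + 1);
    return 1;
}

/* Recursively dump n into buf (capacity size). Returns 1 if the whole
   definition was written, 0 if output stopped because buf was full. */
int dump_content(char *buf, size_t size, const struct node *n) {
    if (n->name) {
        if (!append_checked(buf, size, n->name)) return 0;
    } else {
        if (!append_checked(buf, size, "(")) return 0;
        for (const struct node *c = n->child; c; c = c->next) {
            if (!dump_content(buf, size, c)) return 0;
            if (c->next && !append_checked(buf, size, " , ")) return 0;
        }
        if (!append_checked(buf, size, ")")) return 0;
    }
    /* The step the description singles out: the suffix is written last,
       so it is the append most likely to land on a nearly full buffer. */
    return append_checked(buf, size, n->suffix);
}
```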

CPE
Name     Operator  Version
libxml2  eq        2.9.4