Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-9049
HistoryMay 18, 2017 - 12:00 a.m.

CVE-2017-9049

2017-05-1800:00:00
ubuntu.com
ubuntu.com
22

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.5%

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer
over-read in the xmlDictComputeFastKey function in dict.c. This
vulnerability causes programs that use libxml2, such as PHP, to crash. This
vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

Bugs

Notes

Author Note
mdeslaur probably same issue as CVE-2017-9050
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlibxml2<ย 2.9.1+dfsg1-3ubuntu4.10UNKNOWN
ubuntu16.04noarchlibxml2<ย 2.9.3+dfsg1-1ubuntu0.3UNKNOWN
ubuntu17.04noarchlibxml2<ย 2.9.4+dfsg1-2.2ubuntu0.1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

58.5%