The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used,
allows remote attackers to cause a denial of service (infinite loop) via a
crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by
xmllint, a different vulnerability than CVE-2015-8035.

Notes

Author	Note
leosilva	it’s only affect if e2a9122b8dde53d320750451e9907a7dcb2ca8bb was applied, and it’s not the case.

References

bugzilla.gnome.org/show_bug.cgi?id=794914

launchpad.net/bugs/cve/CVE-2018-9251

nvd.nist.gov/vuln/detail/CVE-2018-9251

security-tracker.debian.org/tracker/CVE-2018-9251

www.cve.org/CVERecord?id=CVE-2018-9251

cve 3

alpinelinux 2

debiancve 3

prion 3

redhatcve 2

ubuntucve 3

nessus 48

ibm 10

openvas 27

veracode 2

mageia 2

archlinux 3

amazon 2

f5 1

fedora 6

oraclelinux 2

redhat 4

suse 3

ubuntu 1

debian 3

rubygems 1

centos 1

altlinux 2

freebsd 1

osv 35

photon 2

gentoo 1

apple 8

kitploit 1

tenable 1

ics 1

cve

CVE-2018-9251

2018-04-04 02:29:00

CVE-2018-14567

2018-08-16 20:29:00

CVE-2015-8035

2015-11-18 16:59:00

alpinelinux

CVE-2018-9251

2018-04-04 02:29:00

CVE-2018-14567

2018-08-16 20:29:00

debiancve

CVE-2018-9251

2018-04-04 02:29:00

CVE-2018-14567

2018-08-16 20:29:00

CVE-2015-8035

2015-11-18 16:59:00

prion

Design/Logic Flaw

2018-04-04 02:29:00

Design/Logic Flaw

2018-08-16 20:29:00

Design/Logic Flaw

2015-11-18 16:59:00

redhatcve

CVE-2018-9251

2018-04-09 20:20:56

CVE-2018-14567

2018-08-22 02:19:05

ubuntucve

CVE-2018-14567

2018-07-31 00:00:00

CVE-2015-8035

2015-11-02 00:00:00

CVE-2017-18258

2018-04-08 00:00:00

nessus

Oracle Linux 8 : libxml2 (ELSA-2020-1827)

2023-09-07 00:00:00

Tenable Log Correlation Engine (LCE) < 4.8.0 Libxml2 DoS

2016-04-25 00:00:00

Photon OS 3.0: Libxml2 PHSA-2019-3.0-0024

2019-08-26 00:00:00

ibm

Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local

2019-12-18 18:01:21

Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities

2020-07-27 09:24:37

Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM Cognos Metrics Manager (CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8317)

2018-06-15 23:15:11

openvas

Mageia: Security Advisory (MGASA-2015-0433)

2015-11-08 00:00:00

Fedora Update for libxml2 FEDORA-2018-e198cf4a64

2018-08-10 00:00:00

Fedora Update for libxml2 FEDORA-2018-3b782350ff

2018-08-07 00:00:00

veracode

Denial Of Service (DoS)

2018-08-01 07:49:45

Denial Of Service (DoS)

2020-04-29 02:42:19

mageia

Updated libxml2 packages fix security vulnerability

2015-11-06 01:46:03

Updated libxml2 packages fix security vulnerabilities

2019-01-23 18:50:09

archlinux

[ASA-201810-3] libxml2: denial of service

2018-10-01 00:00:00

[ASA-201810-4] lib32-libxml2: denial of service

2018-10-01 00:00:00

libxml2: multiple issues

2015-12-09 00:00:00

amazon

Important: libxml2

2020-08-10 22:59:00

Important: libxml2

2020-07-21 16:34:00

K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567

2022-02-15 00:00:00

fedora

[SECURITY] Fedora 27 Update: libxml2-2.9.8-4.fc27

2018-08-09 16:53:03

[SECURITY] Fedora 28 Update: libxml2-2.9.8-4.fc28

2018-08-07 01:20:06

[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22

2016-02-17 04:26:04

oraclelinux

libxml2 security update

2020-05-05 00:00:00

libxml2 security update

2020-04-06 00:00:00

redhat

(RHSA-2020:1827) Moderate: libxml2 security update

2020-04-28 09:20:58

(RHSA-2020:1190) Moderate: libxml2 security update

2020-03-31 09:30:25

(RHSA-2020:3194) Important: Container-native Virtualization security, bug fix, and enhancement update

2020-07-28 18:02:45

suse

Security update for libxml2 (moderate)

2018-10-12 12:12:16

Security update for libxml2 (moderate)

2018-10-12 12:10:07

Security update for sles12-docker-image (important)

2016-03-16 15:28:52

ubuntu

libxml2 vulnerabilities

2015-11-16 00:00:00

debian

[SECURITY] [DLA 1524-1] libxml2 security update

2018-09-27 20:04:03

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

rubygems

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

2015-04-13 21:00:00

centos

libxml2 security update

2020-04-08 18:42:56

altlinux

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.9.0.52.f824-alt1

2019-05-22 00:00:00

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.9.0.52.f824-alt1

2019-05-22 00:00:00

freebsd

libxml2 -- multiple vulnerabilities

2015-11-20 00:00:00

osv

CVE-2018-9251

2018-04-04 02:29:00

CVE-2018-14567

2018-08-16 20:29:02

CVE-2016-9597

2018-07-30 14:29:02

photon

Critical Photon OS Security Update - PHSA-2019-0024

2019-07-31 00:00:00

Critical Photon OS Security Update - PHSA-2019-3.0-0024

2019-07-29 00:00:00

gentoo

libxml2: Multiple vulnerabilities

2017-01-16 00:00:00

apple

About the security content of tvOS 9.2 - Apple Support

2017-01-23 03:54:34

About the security content of tvOS 9.2

2016-03-21 00:00:00

About the security content of watchOS 2.2

2016-03-21 00:00:00

kitploit

Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI

2019-11-05 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

52.2%

JSON

Related for UB:CVE-2018-9251