Lucene search

K

Veracode Vulnerability DatabaseVERACODE:17023

HistoryMay 02, 2019 - 5:34 a.m.

Denial Of Service (DoS)

2019-05-0205:34:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

libxml2 is vulnerable to denial of service (DoS). The vulnerability exists as the xmlParseElementDecl function can cause a heap-based buffer underread, causing a DoS attack.

CPENameOperatorVersion
libxml2eq2.7.6__14.el6_5.1
libxml2eq2.7.6__14.el6_5.2
libxml2eq2.7.6__1.el6
libxml2eq2.7.6__4.el6_2.4
libxml2eq2.7.6__20.el6_7.1
libxml2eq2.7.6__8.el6_3.3
libxml2eq2.7.6__20.el6
libxml2eq2.7.6__4.el6_2.1
libxml2eq2.7.6__4.el6
libxml2eq2.7.6__17.el6_6.1

Rows per page:

1-10 of 281

References

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

rhn.redhat.com/errata/RHSA-2016-2957.html

www.openwall.com/lists/oss-security/2016/05/25/2

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/90864

www.securitytracker.com/id/1036348

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

www.ubuntu.com/usn/USN-2994-1

xmlsoft.org/news.html

access.redhat.com/errata/RHSA-2016:1292

access.redhat.com/errata/RHSA-2016:2957

access.redhat.com/security/cve/CVE-2016-4447

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1338686

git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

kc.mcafee.com/corporate/index?page=content&id=SB10170

support.apple.com/HT206899

support.apple.com/HT206901

support.apple.com/HT206902

support.apple.com/HT206903

support.apple.com/HT206904

support.apple.com/HT206905

www.debian.org/security/2016/dsa-3593

www.tenable.com/security/tns-2016-18

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:17023

ubuntucve1 prion1 debiancve1 cve1 redhatcve1 nessus24 f51 ibm25 slackware1 hackerone1 centos1 openvas14 redhat2 amazon1 oraclelinux1 suse5 apple12 debian3 fedora2 mageia1 symantec1 cloudfoundry1 ubuntu1 tenable1