CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 38.1%

lxml is vulnerable to denial of service attacks. The vulnerability is a null pointer dereference in the _appendStartNsEvents function of iterparse.pxi. It occurs when incorrect parser input is combined with use of iterwalk() on trees generated by the same parser, which allows an attacker to cause an application crash.
github.com/advisories/GHSA-wrxv-2j5q-m38w
github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f
huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba
lists.fedoraproject.org/archives/list/[email protected]/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/
lists.fedoraproject.org/archives/list/[email protected]/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/
security.gentoo.org/glsa/202208-06
security.netapp.com/advisory/ntap-20220915-0006/