Lucene search

Veracode Vulnerability DatabaseVERACODE:7153

HistoryJul 25, 2018 - 6:30 a.m.

Denial Of Service (DoS)

2018-07-2506:30:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

libxml2.so is vulnerable to denial of service (DoS). The vulnerability exists due to the use-after-free errors occurring through the htmlParseChunk and xmldecl_done functions.

CPENameOperatorVersion
libxml2.sole2.9.0
libxml2.sole2.9.0

CPE	Name	Operator	Version
	libxml2.so	le	2.9.0
	libxml2.so	le	2.9.0

References

lists.opensuse.org/opensuse-updates/2013-04/msg00109.html

lists.opensuse.org/opensuse-updates/2013-06/msg00081.html

secunia.com/advisories/53061

www.openwall.com/lists/oss-security/2013/04/17/4

www.openwall.com/lists/oss-security/2013/04/19/1

www.ubuntu.com/usn/USN-1817-1

bugzilla.gnome.org/show_bug.cgi?id=690202

git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f

gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS#L1373

gitlab.gnome.org/GNOME/libxml2/commit/de0cc20c29cb3f056062925395e0f68d2250a46f

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:7153