CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
libxml2 is vulnerable to XML external entity attacks. The xmlParserHandlePEReference function in parser.c allows external parameter entities to be loaded regardless of whether entity substitution or validation is enabled. This allows an attacker to cause a denial of service condition or an information leak using a crafted XML document.
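One way to screen untrusted documents for the construct this issue depends on, as an added example (not from this advisory or the libxml2 project): it uses Python's bundled expat parser, which does not fetch external entities on its own, to list external parameter entity declarations before a document reaches libxml2. The function names and sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed samples; example.invalid never resolves.
CONSTRUCTED_EXTERNAL_PE = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE r [\n'
    b'  <!ENTITY % ext SYSTEM "http://example.invalid/x.dtd">\n'
    b'  %ext;\n'
    b']>\n'
    b'<r/>'
)
CONSTRUCTED_INTERNAL_PE = (
    b'<!DOCTYPE r [ <!ENTITY % a "x"> '
    b'<!ENTITY g SYSTEM "http://example.invalid/g"> ]><r/>'
)


def external_parameter_entities(xml_bytes):
    """Return [(name, system_id)] for each external parameter entity declared
    in the DTD. Only declarations are reported; nothing is fetched."""
    found = []

    def on_entity_decl(name, is_parameter, value, base,
                       system_id, public_id, notation):
        # An external entity has no literal value, only a system identifier.
        # General (non-parameter) entities are outside this check's scope.
        if is_parameter and value is None and system_id is not None:
            found.append((name, system_id))

    parser = expat.ParserCreate()
    # Explicitly keep parameter entity references unexpanded.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)
    return found


def should_reject(xml_bytes):
    """True if the document declares an external parameter entity, or cannot
    be parsed at all (fail closed rather than pass it on unscreened)."""
    try:
        return bool(external_parameter_entities(xml_bytes))
    except expat.ExpatError:
        return True
```

Because expat and libxml2 are different parsers and may disagree on unusual input, treat this as a stopgap filter in front of an affected libxml2, not a replacement for updating it.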
lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
rhn.redhat.com/errata/RHSA-2015-0749.html
www-01.ibm.com/support/docview.wss?uid=swg21678183
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
www.securityfocus.com/bid/67233
xmlsoft.org/news.html
bugzilla.redhat.com/show_bug.cgi?id=1090976
exchange.xforce.ibmcloud.com/vulnerabilities/93092
git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df
github.com/GNOME/libxml2/commit/dd8367da17c2948981a51e52c8a6beb445edf825
support.apple.com/kb/HT205030
support.apple.com/kb/HT205031