CVE-2017-16932

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Affected products Warnungen 0 Metrics 3 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version <= 2.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.82%	0.94

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Vendor Advisory

Release Notes

Permissions Required

Patch

Third Party Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD