9.8

CVE-2017-7375

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version <= 2.9.4
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
GoogleAndroid Version4.4.4
GoogleAndroid Version5.0.2
GoogleAndroid Version5.1.1
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
GoogleAndroid Version7.0
GoogleAndroid Version7.1.1
GoogleAndroid Version7.1.2
XmlsoftLibxml2 Version2.9.4 Updaterc1
XmlsoftLibxml2 Version2.9.4 Updaterc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.64% 0.837
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://www.securitytracker.com/id/1038623
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201711-01
Third Party Advisory
https://source.android.com/security/bulletin/2017-06-01
Patch
Third Party Advisory
http://www.securityfocus.com/bid/98877
Third Party Advisory
VDB Entry
https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1462203
Patch
Third Party Advisory
Issue Tracking
https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
Patch
Third Party Advisory
https://www.debian.org/security/2017/dsa-3952
Third Party Advisory