Input validation error in libxml2 (Alpine package)



Published: 2017-06-16
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2017-5969
CWE-ID: CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
libxml2 (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Input validation error

EUVDB-ID: #VU32077

Risk: Medium

CVSSv3.1: 4.1 [AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5969

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via a crafted XML document.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

libxml2 (Alpine package): 2.9.4-r2 - 2.9.4-r3

External links

http://git.alpinelinux.org/aports/commit/?id=1647bdc21ffc22aacee5ea142d372445d1fd5b03
http://git.alpinelinux.org/aports/commit/?id=5e57be93778177ca048236091d2814a4ad205903
http://git.alpinelinux.org/aports/commit/?id=9ba0323ae03ecb1319c9174e281260c37544fa1d
http://git.alpinelinux.org/aports/commit/?id=a6c278e2f3d21e7ffc9b25ad0cd3845c3caafcf9
http://git.alpinelinux.org/aports/commit/?id=a49c9e6942d3d44160b5470c06957e99a8191d7f
http://git.alpinelinux.org/aports/commit/?id=23378989c95591c62d00888e83710e5424685eaa
http://git.alpinelinux.org/aports/commit/?id=80f4efd8ae07abf0f36afd88e30f5a1ed1f94628
http://git.alpinelinux.org/aports/commit/?id=b17579f3fe79dcad883955f228745b24b76c4a16
http://git.alpinelinux.org/aports/commit/?id=f952adf5ff909e9fb868e2c5a8ab0558be22ee68
http://git.alpinelinux.org/aports/commit/?id=fae1547c146cf95cc9bce7d385a9280239c20107


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


