Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-5969 |
CWE-ID | CWE-20 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | libxml2 (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU32077
Risk: Medium
CVSSv3.1: 4.1 [AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5969
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows remote attackers to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference) via a crafted XML document.
Mitigation
Install update from vendor's website.
Vulnerable software versions
libxml2 (Alpine package): 2.9.4-r2 - 2.9.4-r3
External links
http://git.alpinelinux.org/aports/commit/?id=1647bdc21ffc22aacee5ea142d372445d1fd5b03
http://git.alpinelinux.org/aports/commit/?id=5e57be93778177ca048236091d2814a4ad205903
http://git.alpinelinux.org/aports/commit/?id=9ba0323ae03ecb1319c9174e281260c37544fa1d
http://git.alpinelinux.org/aports/commit/?id=a6c278e2f3d21e7ffc9b25ad0cd3845c3caafcf9
http://git.alpinelinux.org/aports/commit/?id=a49c9e6942d3d44160b5470c06957e99a8191d7f
http://git.alpinelinux.org/aports/commit/?id=23378989c95591c62d00888e83710e5424685eaa
http://git.alpinelinux.org/aports/commit/?id=80f4efd8ae07abf0f36afd88e30f5a1ed1f94628
http://git.alpinelinux.org/aports/commit/?id=b17579f3fe79dcad883955f228745b24b76c4a16
http://git.alpinelinux.org/aports/commit/?id=f952adf5ff909e9fb868e2c5a8ab0558be22ee68
http://git.alpinelinux.org/aports/commit/?id=fae1547c146cf95cc9bce7d385a9280239c20107
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.