Buffer overflow in Libxml2 - CVE-2017-7376
Published: February 19, 2018 / Updated: July 20, 2020
Vulnerability identifier: #VU31350
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-7376
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Gnome Development Team
Affected software:
Libxml2
Libxml2
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
How to mitigate CVE-2017-7376
Install update from vendor's website.
Sources
- http://www.securityfocus.com/bid/98877
- http://www.securitytracker.com/id/1038623
- https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
- https://bugzilla.redhat.com/show_bug.cgi?id=1462216
- https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
- https://source.android.com/security/bulletin/2017-06-01
- https://www.debian.org/security/2017/dsa-3952