#VU31350 Buffer overflow in Libxml2 - CVE-2017-7376
Published: February 19, 2018 / Updated: July 20, 2020
Vulnerability identifier: #VU31350
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-7376
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Libxml2
Libxml2
Software vendor:
Gnome Development Team
Gnome Development Team
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Remediation
Install update from vendor's website.
External links
- http://www.securityfocus.com/bid/98877
- http://www.securitytracker.com/id/1038623
- https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
- https://bugzilla.redhat.com/show_bug.cgi?id=1462216
- https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
- https://source.android.com/security/bulletin/2017-06-01
- https://www.debian.org/security/2017/dsa-3952