Remote XML Entity Inclusion in libxml2 Affects Multiple Platforms
CVE-2017-7375

9.8CRITICAL

Key Information:

Vendor

Xmlsoft

Status
Libxml2
Vendor
CVE Published:
19 February 2018

What is CVE-2017-7375?

A flaw in libxml2 allows for remote XML entity inclusion due to improper handling of default parser flags. This vulnerability can potentially expose private data by allowing access to content from local files or from servers that would typically remain inaccessible. Attackers may exploit this flaw to reach sensitive information through unintended means, heightening the risk of data exposure across various systems relying on libxml2.

References

https://android.googlesource.com/platform/external/libxml...
x_refsource_CONFIRM
https://source.android.com/security/bulletin/2017-06-01
x_refsource_CONFIRM
https://www.debian.org/security/2017/dsa-3952
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-7375 : Remote XML Entity Inclusion in libxml2 Affects Multiple Platforms