Heap-Based Buffer Over-Read in libxml2 Affects PHP Integration
CVE-2017-9050

7.5HIGH

Key Information:

Vendor

Xmlsoft

Status
Libxml2
Vendor
CVE Published:
18 May 2017

What is CVE-2017-9050?

libxml2, specifically version 20904-GITv2.9.4-16-g0741801, is susceptible to a heap-based buffer over-read in the xmlDictAddString function located in dict.c. This flaw can lead to crashes in programs reliant on libxml2, like PHP. The vulnerability arose due to an incomplete remedy for a prior security issue. It is crucial for users and administrators to assess their systems for this vulnerability and apply necessary patches or updates to prevent exploitation.

References

http://www.securityfocus.com/bid/98568
vdb-entryx_refsource_BID
http://www.debian.org/security/2017/dsa-3952
vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201711-01
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.