CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7376

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile22.02th
PublishedFeb 19, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

Affected Platforms (CPE)

πŸ“¦
Xmlsoft

Libxml2

< 2.9.5
πŸ’»
Google

Android

= 4.4.4
πŸ’»
Google

Android

= 5.0.2
πŸ’»
Google

Android

= 5.1.1
πŸ’»
Google

Android

= 6.0
πŸ’»
Google

Android

= 6.0.1
πŸ’»
Google

Android

= 7.0
πŸ’»
Google

Android

= 7.1.1
πŸ’»
Google

Android

= 7.1.2
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/98877
πŸ”— http://www.securitytracker.com/id/1038623
πŸ”— https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=1462216
πŸ”— https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
πŸ”— https://source.android.com/security/bulletin/2017-06-01
πŸ”— https://www.debian.org/security/2017/dsa-3952
πŸ”— http://www.securityfocus.com/bid/98877

Related Vulnerabilities

CVE-2008-352910.0

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent at...

CVE-2008-422610.0

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of servic...

CVE-2004-098910.0

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut...

CVE-2017-73759.8

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity subst...