CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2017-7376

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile22.02th
Published2018年2月19日
Last Modified2024年11月21日

Vulnerability Description

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.

Affected Platforms (CPE)

📦
Xmlsoft

Libxml2

< 2.9.5
💻
Google

Android

= 4.4.4
💻
Google

Android

= 5.0.2
💻
Google

Android

= 5.1.1
💻
Google

Android

= 6.0
💻
Google

Android

= 6.0.1
💻
Google

Android

= 7.0
💻
Google

Android

= 7.1.1
💻
Google

Android

= 7.1.2
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://www.securityfocus.com/bid/98877
🔗 http://www.securitytracker.com/id/1038623
🔗 https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=1462216
🔗 https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
🔗 https://source.android.com/security/bulletin/2017-06-01
🔗 https://www.debian.org/security/2017/dsa-3952
🔗 http://www.securityfocus.com/bid/98877

相關漏洞威脅

CVE-2008-352910.0

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent at...

CVE-2008-422610.0

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of servic...

CVE-2004-098910.0

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut...

CVE-2017-73759.8

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity subst...