A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A remote code execution vulnerability in libxml2 could     enable an attacker using a specially crafted file to     execute arbitrary code within the context of an     unprivileged process. This issue is rated as High due     to the possibility of remote code execution in an     application that uses this library. Product: Android.
    Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1,     7.1.2. Android ID: A-37104170.(CVE-2017-0663)

  - libxml2 2.9.8, if --with-lzma is used, allows remote     attackers to cause a denial of service (infinite loop)     via a crafted XML file that triggers     LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a     different vulnerability than CVE-2015-8035 and     CVE-2018-9251.(CVE-2018-14567)

  - The htmlParseTryOrFinish function in HTMLparser.c in     libxml2 2.9.4 allows attackers to cause a denial of     service (buffer over-read) or information     disclosure.(CVE-2017-8872)

  - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a     stack-based buffer overflow. The function     xmlSnprintfElementContent in valid.c is supposed to     recursively dump the element content definition into a     char buffer 'buf' of size 'size'. At the end of the     routine, the function may strcat two more characters     without checking whether the current strlen(buf) + 2 <     size. This vulnerability causes programs that use     libxml2, such as PHP, to crash.(CVE-2017-9048)

  - The xz_decomp function in xzlib.c in libxml2 2.9.1 does     not properly detect compression errors, which allows     context-dependent attackers to cause a denial of     service (process hang) via crafted XML     data.(CVE-2015-8035)

  - The xz_head function in xzlib.c in libxml2 before 2.9.6     allows remote attackers to cause a denial of service     (memory consumption) via a crafted LZMA file, because     the decoder functionality does not restrict memory     usage to what is required for a legitimate     file.(CVE-2017-18258)

  - ** DISPUTED ** libxml2 2.9.4, when used in recover     mode, allows remote attackers to cause a denial of     service (NULL pointer dereference) via a crafted XML     document. NOTE: The maintainer states 'I would disagree     of a CVE with the Recover parsing option which should     only be used for manual recovery at least for XML     parser.'(CVE-2017-5969)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A remote code execution vulnerability in libxml2 could     enable an attacker using a specially crafted file to     execute arbitrary code within the context of an     unprivileged process. This issue is rated as High due     to the possibility of remote code execution in an     application that uses this library. Product: Android.
    Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1,     7.1.2. Android ID: A-37104170.(CVE-2017-0663)

  - parser.c in libxml2 before 2.9.5 mishandles     parameter-entity references because the NEXTL macro     calls the xmlParserHandlePEReference function in the     case of a '%' character in a DTD name.(CVE-2017-16931)

  - parser.c in libxml2 before 2.9.5 does not prevent     infinite recursion in parameter     entities.(CVE-2017-16932)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - A remote code execution vulnerability in libxml2 could     enable an attacker using a specially crafted file to     execute arbitrary code within the context of an     unprivileged process. This issue is rated as High due     to the possibility of remote code execution in an     application that uses this library. Product: Android.
    Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1,     7.1.2. Android ID: A-37104170.(CVE-2017-0663)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libxml2. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker, by enticing a user to process a specially crafted XML       document, could remotely execute arbitrary code, conduct XML External       Entity (XXE) attacks, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code.
(CVE-2017-0663)

It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375)

It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376)

Marcel Bohme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047)

Marcel Bohme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service.
(CVE-2017-9048)

Marcel Bohme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, information leaks, or potentially, the execution of arbitrary code with the privileges of the user running the application.

CVE-2017-0663

Invalid casting of different structs could enable an attacker to remotely execute some code within the context of an unprivileged process.

CVE-2017-7376

Incorrect limit used for port values.

For Debian 7 'Wheezy', these problems have been fixed in version 2.8.0+dfsg1-7+wheezy9.

We recommend that you upgrade your libxml2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes the following issues: Security issues fixed :

  - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID     (bsc#1044337)

  - CVE-2017-5969: Fixed a NULL pointer deref in     xmlDumpElementContent (bsc#1024989)

  - CVE-2017-7375: Prevented an unwanted external entity     reference (bsc#1044894)

  - CVE-2017-7376: Increase buffer space for port in HTTP     redirect support (bsc#1044887)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes the following issues :

Security issues fixed :

  - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID     (bsc#1044337)

  - CVE-2017-5969: Fixed a NULL pointer deref in     xmlDumpElementContent (bsc#1024989)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for libxml2 fixes the following issues: Security issues fixed :

  - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID     (bsc#1044337)

  - CVE-2017-5969: Fixed a NULL pointer deref in     xmlDumpElementContent (bsc#1024989)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
131644	EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-2491)	Nessus	Huawei Local Security Checks	critical
117567	EulerOS Virtualization 2.5.0 : libxml2 (EulerOS-SA-2018-1258)	Nessus	Huawei Local Security Checks	critical
117566	EulerOS Virtualization 2.5.1 : libxml2 (EulerOS-SA-2018-1257)	Nessus	Huawei Local Security Checks	critical
110850	EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1186)	Nessus	Huawei Local Security Checks	high
104492	GLSA-201711-01 : libxml2: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
103327	Ubuntu 14.04 LTS / 16.04 LTS : libxml2 vulnerabilities (USN-3424-1)	Nessus	Ubuntu Local Security Checks	critical
102685	Debian DSA-3952-1 : libxml2 - security update	Nessus	Debian Local Security Checks	critical
102595	Debian DLA-1060-1 : libxml2 security update	Nessus	Debian Local Security Checks	critical
101351	SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1)	Nessus	SuSE Local Security Checks	critical
101189	openSUSE Security Update : libxml2 (openSUSE-2017-754)	Nessus	SuSE Local Security Checks	high
101056	SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1670-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2017-0663

high

Tenable Plugins

critical

critical

critical

high

critical

critical

critical

critical

critical

high

high